gsd - gsd-2023-5824

gsd-2023-5824

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.

Aliases

CVE-2023-5824

Aliases

CVE-2023-5824

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-5824",
    "id": "GSD-2023-5824"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-5824"
      ],
      "details": "Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.",
      "id": "GSD-2023-5824",
      "modified": "2023-12-13T01:20:50.645153Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2023-5824",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Red Hat Enterprise Linux 8",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "8090020231130092412.a75119d5",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "8020020240122164331.4cda2c84",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "8020020240122164331.4cda2c84",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "8020020240122164331.4cda2c84",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "8040020240122165847.522a0ee4",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "8040020240122165847.522a0ee4",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "8040020240122165847.522a0ee4",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "8060020231222131040.ad008a3a",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "8080020231222130009.63b34585",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 9",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "7:5.5-6.el9_3.2",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "7:5.2-1.el9_0.4",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "lessThan": "*",
                                "status": "unaffected",
                                "version": "7:5.5-5.el9_2.3",
                                "versionType": "rpm"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 6",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected"
                          }
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Red Hat Enterprise Linux 7",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected"
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Red Hat"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-755",
                "lang": "eng",
                "value": "Improper Handling of Exceptional Conditions"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://access.redhat.com/errata/RHSA-2023:7465",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2023:7465"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2023:7668",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2023:7668"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2024:0072",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2024:0072"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2024:0397",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2024:0397"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2024:0771",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2024:0771"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2024:0772",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2024:0772"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2024:0773",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2024:0773"
          },
          {
            "name": "https://access.redhat.com/errata/RHSA-2024:1153",
            "refsource": "MISC",
            "url": "https://access.redhat.com/errata/RHSA-2024:1153"
          },
          {
            "name": "https://access.redhat.com/security/cve/CVE-2023-5824",
            "refsource": "MISC",
            "url": "https://access.redhat.com/security/cve/CVE-2023-5824"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"
          },
          {
            "name": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255",
            "refsource": "MISC",
            "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20231130-0003/",
            "refsource": "MISC",
            "url": "https://security.netapp.com/advisory/ntap-20231130-0003/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1D384D1F-2A05-4EE0-9CB8-C83FDC53F608",
                    "versionEndExcluding": "6.4",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug."
          },
          {
            "lang": "es",
            "value": "Squid es vulnerable a ataques de Denegaci\u00f3n de Servicio contra clientes HTTP y HTTPS debido a un error en el manejo inadecuado de elementos estructurales."
          }
        ],
        "id": "CVE-2023-5824",
        "lastModified": "2024-04-25T16:15:09.027",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "secalert@redhat.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2023-11-03T08:15:08.270",
        "references": [
          {
            "source": "secalert@redhat.com",
            "url": "https://access.redhat.com/errata/RHSA-2023:7465"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://access.redhat.com/errata/RHSA-2023:7668"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://access.redhat.com/errata/RHSA-2024:0072"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://access.redhat.com/errata/RHSA-2024:0397"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://access.redhat.com/errata/RHSA-2024:0771"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://access.redhat.com/errata/RHSA-2024:0772"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://access.redhat.com/errata/RHSA-2024:0773"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://access.redhat.com/errata/RHSA-2024:1153"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Third Party Advisory"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-5824"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Issue Tracking"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"
          },
          {
            "source": "secalert@redhat.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255"
          },
          {
            "source": "secalert@redhat.com",
            "url": "https://security.netapp.com/advisory/ntap-20231130-0003/"
          }
        ],
        "sourceIdentifier": "secalert@redhat.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-755"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-755"
              }
            ],
            "source": "secalert@redhat.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

cve-2023-5824

Vulnerability from cvelistv5

Published

2023-11-03 07:56

Modified

2024-10-24 17:54

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Squid: dos against http and https

References

▼	URL	Tags
	https://access.redhat.com/errata/RHSA-2023:7465	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2023:7668	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0072	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0397	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0771	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0772	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:0773	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1153	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2023-5824	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2245914	issue-tracking, x_refsource_REDHAT
	https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255

Impacted products

▼	Vendor	Product
	Red Hat	Red Hat Enterprise Linux 8
	Red Hat	Red Hat Enterprise Linux 8.2 Advanced Update Support
	Red Hat	Red Hat Enterprise Linux 8.2 Telecommunications Update Service
	Red Hat	Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
	Red Hat	Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
	Red Hat	Red Hat Enterprise Linux 8.4 Telecommunications Update Service
	Red Hat	Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
	Red Hat	Red Hat Enterprise Linux 8.6 Extended Update Support
	Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support
	Red Hat	Red Hat Enterprise Linux 9
	Red Hat	Red Hat Enterprise Linux 9.0 Extended Update Support
	Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support
	Red Hat	Red Hat Enterprise Linux 6
	Red Hat	Red Hat Enterprise Linux 7

Show details on NVD website