Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-49286

Good to know:

icon

Date: December 4, 2023

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Language: C++

Severity Score

Related Resources (10)

https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27
https://security.netapp.com/advisory/ntap-20240119-0004/
https://security-tracker.debian.org/tracker/CVE-2023-49286
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/
https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html
http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch
https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/
https://nvd.nist.gov/vuln/detail/CVE-2023-49286
https://www.mend.io/vulnerability-database/CVE-2023-49286

Severity Score

Weakness Type (CWE)

Improper Check for Unusual or Exceptional Conditions

CWE-754

Incorrect Check of Function Return Value

CWE-253

Reachable Assertion

CWE-617

Top Fix

icon

Upgrade Version

Upgrade to version SQUID_6_5

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us