CVE-2023-49285

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-49285

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49285.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-49285

Aliases

GHSA-8w9r-p88v-mmx9

Downstream

ALPINE-CVE-2023-49285

DEBIAN-CVE-2023-49285

DLA-3709-1

DSA-5637-1

OESA-2023-1932

RHSA-2024:0046

RHSA-2024:0071

RHSA-2024:0072

RHSA-2024:0397

RHSA-2024:0771

RHSA-2024:0772

RHSA-2024:0773

RHSA-2024:1153

RHSA-2024:1787

SUSE-SU-2023:4698-1

SUSE-SU-2023:4724-1

SUSE-SU-2023:4825-1

UBUNTU-CVE-2023-49285

USN-6594-1

USN-6857-1

openSUSE-SU-2024:13631-1

Related

Published

2023-12-04T22:56:55Z

Modified

2025-10-15T02:42:47.984654Z

Severity

8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVSS Calculator

Summary

Denial of Service in HTTP Message Processing in Squid

Details

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Git /

Affected ranges

Database specific

{
    "unresolved_versions": [
        {
            "type": "",
            "events": [
                {
                    "introduced": "2.2"
                },
                {
                    "fixed": "6.5"
                }
            ]
        }
    ]
}