CVE-2023-49288

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-49288

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49288.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-49288

Aliases

GHSA-rj5h-46j6-q2g5

Related

Published

2023-12-04T23:15:27Z

Modified

2024-09-18T03:24:34.587186Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsedforwarding on" are vulnerable. Configurations with "collapsedforwarding off" or without a "collapsedforwarding" directive are not vulnerable. This bug is fixed by Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should remove all collapsedforwarding lines from their squid.conf.

References

Affected packages

Alpine:v3.19 / squid

Package

Name: squid
Purl: pkg:apk/alpine/squid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1-r0

Affected versions

2.*

2.7.6-r0

2.7.6-r1

2.7.6-r2

2.7.6-r3

2.7.6-r4

2.7.6-r5

2.7.6-r6

2.7.6-r7

2.7.6-r8

2.7.6-r9

2.7.6-r10

2.7.6-r11

2.7.6-r12

2.7.7-r0

2.7.7-r1

2.7.7-r2

2.7.7-r3

2.7.7-r4

2.7.7-r5

2.7.9-r0

2.7.9-r1

2.7.9-r2

2.7.9-r3

2.7.9-r4

3.*

3.2.0.12-r1

3.2.0.12-r2

3.2.0.12-r3

3.2.0.12-r4

3.2.0.13-r0

3.2.0.16-r0

3.2.0.17-r0

3.2.0.17-r1

3.2.0.17-r2

3.2.0.18-r0

3.2.0.18-r1

3.2.0.19-r0

3.2.0.19-r1

3.2.2-r0

3.2.3-r0

3.2.4-r0

3.2.5-r0

3.2.6-r0

3.2.6-r1

3.2.7-r1

3.2.7-r2

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.3.5-r0

3.3.6-r0

3.3.7-r0

3.3.8-r0

3.3.8-r1

3.3.9-r0

3.3.10-r0

3.3.11-r0

3.3.11-r1

3.4.5-r0

3.4.6-r0

3.4.6-r1

3.4.7-r0

3.4.8-r0

3.4.9-r0

3.4.10-r0

3.4.11-r0

3.4.12-r0

3.5.2-r0

3.5.2-r1

3.5.3-r0

3.5.4-r0

3.5.4-r1

3.5.5-r0

3.5.6-r0

3.5.6-r1

3.5.7-r0

3.5.8-r0

3.5.10-r0

3.5.11-r0

3.5.12-r0

3.5.13-r0

3.5.14-r0

3.5.14-r1

3.5.15-r0

3.5.15-r1

3.5.16-r0

3.5.17-r0

3.5.17-r1

3.5.19-r0

3.5.19-r1

3.5.20-r0

3.5.20-r1

3.5.20-r2

3.5.22-r0

3.5.23-r0

3.5.23-r1

3.5.23-r2

3.5.23-r3

3.5.23-r4

3.5.27-r0

3.5.27-r1

3.5.27-r2

3.5.28-r0

4.*

4.2-r0

4.2-r1

4.4-r0

4.4-r1

4.6-r0

4.6-r1

4.8-r0

4.8-r1

4.9-r0

4.10-r0

4.11-r0

4.12-r0

4.13-r0

5.*

5.0.4-r0

5.0.4-r1

5.0.5-r0

5.0.6-r0

5.0.7-r0

5.0.7-r1

5.1-r0

5.1-r1

5.2-r0

5.3-r0

5.4-r0

5.4.1-r0

5.5-r0

5.6-r0

5.6-r1

5.6-r2

5.6-r3

5.7-r0

5.7-r1

5.9-r0

5.9-r1

Alpine:v3.20 / squid

Package

Name: squid
Purl: pkg:apk/alpine/squid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1-r0

Affected versions

2.*

2.7.6-r0

2.7.6-r1

2.7.6-r2

2.7.6-r3

2.7.6-r4

2.7.6-r5

2.7.6-r6

2.7.6-r7

2.7.6-r8

2.7.6-r9

2.7.6-r10

2.7.6-r11

2.7.6-r12

2.7.7-r0

2.7.7-r1

2.7.7-r2

2.7.7-r3

2.7.7-r4

2.7.7-r5

2.7.9-r0

2.7.9-r1

2.7.9-r2

2.7.9-r3

2.7.9-r4

3.*

3.2.0.12-r1

3.2.0.12-r2

3.2.0.12-r3

3.2.0.12-r4

3.2.0.13-r0

3.2.0.16-r0

3.2.0.17-r0

3.2.0.17-r1

3.2.0.17-r2

3.2.0.18-r0

3.2.0.18-r1

3.2.0.19-r0

3.2.0.19-r1

3.2.2-r0

3.2.3-r0

3.2.4-r0

3.2.5-r0

3.2.6-r0

3.2.6-r1

3.2.7-r1

3.2.7-r2

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.3.5-r0

3.3.6-r0

3.3.7-r0

3.3.8-r0

3.3.8-r1

3.3.9-r0

3.3.10-r0

3.3.11-r0

3.3.11-r1

3.4.5-r0

3.4.6-r0

3.4.6-r1

3.4.7-r0

3.4.8-r0

3.4.9-r0

3.4.10-r0

3.4.11-r0

3.4.12-r0

3.5.2-r0

3.5.2-r1

3.5.3-r0

3.5.4-r0

3.5.4-r1

3.5.5-r0

3.5.6-r0

3.5.6-r1

3.5.7-r0

3.5.8-r0

3.5.10-r0

3.5.11-r0

3.5.12-r0

3.5.13-r0

3.5.14-r0

3.5.14-r1

3.5.15-r0

3.5.15-r1

3.5.16-r0

3.5.17-r0

3.5.17-r1

3.5.19-r0

3.5.19-r1

3.5.20-r0

3.5.20-r1

3.5.20-r2

3.5.22-r0

3.5.23-r0

3.5.23-r1

3.5.23-r2

3.5.23-r3

3.5.23-r4

3.5.27-r0

3.5.27-r1

3.5.27-r2

3.5.28-r0

4.*

4.2-r0

4.2-r1

4.4-r0

4.4-r1

4.6-r0

4.6-r1

4.8-r0

4.8-r1

4.9-r0

4.10-r0

4.11-r0

4.12-r0

4.13-r0

5.*

5.0.4-r0

5.0.4-r1

5.0.5-r0

5.0.6-r0

5.0.7-r0

5.0.7-r1

5.1-r0

5.1-r1

5.2-r0

5.3-r0

5.4-r0

5.4.1-r0

5.5-r0

5.6-r0

5.6-r1

5.6-r2

5.6-r3

5.7-r0

5.7-r1

5.9-r0

5.9-r1

Debian:11 / squid

Package

Name: squid
Purl: pkg:deb/debian/squid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.13-10

4.13-10+deb11u1

4.13-10+deb11u2

4.13-10+deb11u3

5.*

5.1-2

5.2-1

5.5-1

5.5-1.1

5.6-1

5.7-1

5.7-2

6.*

6.1-1

6.1-2

6.3-1

6.5-1

6.6-1

6.8-1

6.9-1

6.10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / squid

Package

Name: squid
Purl: pkg:deb/debian/squid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

5.*

5.7-2

5.7-2+deb12u1

5.7-2+deb12u2

6.*

6.1-1

6.1-2

6.3-1

6.5-1

6.6-1

6.8-1

6.9-1

6.10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / squid

Package

Name: squid
Purl: pkg:deb/debian/squid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.1-1

Affected versions

5.*

5.7-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/squid-cache/squid

Affected ranges

Type: GIT
Repo: https://github.com/squid-cache/squid
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

20d1c7236c7493b1f8b7e47f2e2afc529232071c

Affected versions

Other

BASIC_TPROXY4

M-staged-PR161

M-staged-PR164

M-staged-PR170

M-staged-PR176

M-staged-PR179

M-staged-PR181

M-staged-PR182

M-staged-PR186

M-staged-PR189

M-staged-PR193

M-staged-PR195

M-staged-PR196

M-staged-PR198

M-staged-PR199

M-staged-PR200

M-staged-PR202

M-staged-PR206

M-staged-PR208

M-staged-PR209

M-staged-PR210

M-staged-PR218

M-staged-PR220

M-staged-PR221

M-staged-PR225

M-staged-PR227

M-staged-PR229

M-staged-PR230

M-staged-PR235

M-staged-PR237

M-staged-PR238

M-staged-PR239

M-staged-PR241

M-staged-PR242

M-staged-PR252

M-staged-PR255

M-staged-PR258

M-staged-PR264

M-staged-PR266

M-staged-PR267

M-staged-PR268

M-staged-PR274

M-staged-PR276

M-staged-PR293

M-staged-PR294

M-staged-PR295

M-staged-PR299

M-staged-PR306

M-staged-PR314

M-staged-PR319

M-staged-PR342

M-staged-PR345

M-staged-PR348

M-staged-PR351

M-staged-PR359

M-staged-PR364

M-staged-PR365

M-staged-PR366

M-staged-PR370

M-staged-PR372

M-staged-PR373

M-staged-PR375

M-staged-PR376

SQUID_3_0_PRE1

SQUID_3_0_PRE2

SQUID_3_0_PRE3

SQUID_3_0_PRE4

SQUID_3_0_PRE5

SQUID_3_0_PRE6

SQUID_3_0_PRE7

SQUID_3_0_RC1

SQUID_3_5_27

SQUID_4_0_1

SQUID_4_0_10

SQUID_4_0_11

SQUID_4_0_12

SQUID_4_0_13

SQUID_4_0_14

SQUID_4_0_15

SQUID_4_0_16

SQUID_4_0_2

SQUID_4_0_3

SQUID_4_0_4

SQUID_4_0_5

SQUID_4_0_6

SQUID_4_0_7

SQUID_4_0_8

SQUID_4_0_9

SQUID_5_0_1

SQUID_5_0_2

SQUID_5_0_3

SQUID_5_0_4

SQUID_5_0_5

SQUID_5_0_6

SQUID_5_0_7

SQUID_5_1

SQUID_5_2

SQUID_5_3

SQUID_5_4_1

SQUID_5_5

SQUID_5_6

SQUID_5_7

SQUID_5_8

SQUID_5_9

for-libecap-v0p1

merge-candidate-3-v1

merge-candidate-3-v2

sourceformat-review-1

take00

take01

take02

take03

take04

take06

take07

take08

take09

take1

take2

BumpSslServerFirst.*

BumpSslServerFirst.take01

BumpSslServerFirst.take02

BumpSslServerFirst.take03

BumpSslServerFirst.take04

BumpSslServerFirst.take05

BumpSslServerFirst.take06

BumpSslServerFirst.take07

BumpSslServerFirst.take08

BumpSslServerFirst.take09

BumpSslServerFirst.take10