CVE-2023-50269

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-50269
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50269.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-50269
Related
Published
2023-12-14T18:15:45Z
Modified
2025-01-15T05:02:45.442899Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the followxforwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.

References

Affected packages

Alpine:v3.19 / squid

Package

Name
squid
Purl
pkg:apk/alpine/squid?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.6-r0

Affected versions

2.*

2.7.6-r0
2.7.6-r1
2.7.6-r2
2.7.6-r3
2.7.6-r4
2.7.6-r5
2.7.6-r6
2.7.6-r7
2.7.6-r8
2.7.6-r9
2.7.6-r10
2.7.6-r11
2.7.6-r12
2.7.7-r0
2.7.7-r1
2.7.7-r2
2.7.7-r3
2.7.7-r4
2.7.7-r5
2.7.9-r0
2.7.9-r1
2.7.9-r2
2.7.9-r3
2.7.9-r4

3.*

3.2.0.12-r1
3.2.0.12-r2
3.2.0.12-r3
3.2.0.12-r4
3.2.0.13-r0
3.2.0.16-r0
3.2.0.17-r0
3.2.0.17-r1
3.2.0.17-r2
3.2.0.18-r0
3.2.0.18-r1
3.2.0.19-r0
3.2.0.19-r1
3.2.2-r0
3.2.3-r0
3.2.4-r0
3.2.5-r0
3.2.6-r0
3.2.6-r1
3.2.7-r1
3.2.7-r2
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.3.5-r0
3.3.6-r0
3.3.7-r0
3.3.8-r0
3.3.8-r1
3.3.9-r0
3.3.10-r0
3.3.11-r0
3.3.11-r1
3.4.5-r0
3.4.6-r0
3.4.6-r1
3.4.7-r0
3.4.8-r0
3.4.9-r0
3.4.10-r0
3.4.11-r0
3.4.12-r0
3.5.2-r0
3.5.2-r1
3.5.3-r0
3.5.4-r0
3.5.4-r1
3.5.5-r0
3.5.6-r0
3.5.6-r1
3.5.7-r0
3.5.8-r0
3.5.10-r0
3.5.11-r0
3.5.12-r0
3.5.13-r0
3.5.14-r0
3.5.14-r1
3.5.15-r0
3.5.15-r1
3.5.16-r0
3.5.17-r0
3.5.17-r1
3.5.19-r0
3.5.19-r1
3.5.20-r0
3.5.20-r1
3.5.20-r2
3.5.22-r0
3.5.23-r0
3.5.23-r1
3.5.23-r2
3.5.23-r3
3.5.23-r4
3.5.27-r0
3.5.27-r1
3.5.27-r2
3.5.28-r0

4.*

4.2-r0
4.2-r1
4.4-r0
4.4-r1
4.6-r0
4.6-r1
4.8-r0
4.8-r1
4.9-r0
4.10-r0
4.11-r0
4.12-r0
4.13-r0

5.*

5.0.4-r0
5.0.4-r1
5.0.5-r0
5.0.6-r0
5.0.7-r0
5.0.7-r1
5.1-r0
5.1-r1
5.2-r0
5.3-r0
5.4-r0
5.4.1-r0
5.5-r0
5.6-r0
5.6-r1
5.6-r2
5.6-r3
5.7-r0
5.7-r1
5.9-r0
5.9-r1

6.*

6.1-r0
6.2-r0
6.2-r1
6.3-r0
6.4-r0
6.5-r0

Alpine:v3.20 / squid

Package

Name
squid
Purl
pkg:apk/alpine/squid?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.6-r0

Affected versions

2.*

2.7.6-r0
2.7.6-r1
2.7.6-r2
2.7.6-r3
2.7.6-r4
2.7.6-r5
2.7.6-r6
2.7.6-r7
2.7.6-r8
2.7.6-r9
2.7.6-r10
2.7.6-r11
2.7.6-r12
2.7.7-r0
2.7.7-r1
2.7.7-r2
2.7.7-r3
2.7.7-r4
2.7.7-r5
2.7.9-r0
2.7.9-r1
2.7.9-r2
2.7.9-r3
2.7.9-r4

3.*

3.2.0.12-r1
3.2.0.12-r2
3.2.0.12-r3
3.2.0.12-r4
3.2.0.13-r0
3.2.0.16-r0
3.2.0.17-r0
3.2.0.17-r1
3.2.0.17-r2
3.2.0.18-r0
3.2.0.18-r1
3.2.0.19-r0
3.2.0.19-r1
3.2.2-r0
3.2.3-r0
3.2.4-r0
3.2.5-r0
3.2.6-r0
3.2.6-r1
3.2.7-r1
3.2.7-r2
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.3.5-r0
3.3.6-r0
3.3.7-r0
3.3.8-r0
3.3.8-r1
3.3.9-r0
3.3.10-r0
3.3.11-r0
3.3.11-r1
3.4.5-r0
3.4.6-r0
3.4.6-r1
3.4.7-r0
3.4.8-r0
3.4.9-r0
3.4.10-r0
3.4.11-r0
3.4.12-r0
3.5.2-r0
3.5.2-r1
3.5.3-r0
3.5.4-r0
3.5.4-r1
3.5.5-r0
3.5.6-r0
3.5.6-r1
3.5.7-r0
3.5.8-r0
3.5.10-r0
3.5.11-r0
3.5.12-r0
3.5.13-r0
3.5.14-r0
3.5.14-r1
3.5.15-r0
3.5.15-r1
3.5.16-r0
3.5.17-r0
3.5.17-r1
3.5.19-r0
3.5.19-r1
3.5.20-r0
3.5.20-r1
3.5.20-r2
3.5.22-r0
3.5.23-r0
3.5.23-r1
3.5.23-r2
3.5.23-r3
3.5.23-r4
3.5.27-r0
3.5.27-r1
3.5.27-r2
3.5.28-r0

4.*

4.2-r0
4.2-r1
4.4-r0
4.4-r1
4.6-r0
4.6-r1
4.8-r0
4.8-r1
4.9-r0
4.10-r0
4.11-r0
4.12-r0
4.13-r0

5.*

5.0.4-r0
5.0.4-r1
5.0.5-r0
5.0.6-r0
5.0.7-r0
5.0.7-r1
5.1-r0
5.1-r1
5.2-r0
5.3-r0
5.4-r0
5.4.1-r0
5.5-r0
5.6-r0
5.6-r1
5.6-r2
5.6-r3
5.7-r0
5.7-r1
5.9-r0
5.9-r1

6.*

6.1-r0
6.2-r0
6.2-r1
6.3-r0
6.4-r0
6.5-r0

Alpine:v3.21 / squid

Package

Name
squid
Purl
pkg:apk/alpine/squid?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.6-r0

Affected versions

2.*

2.7.6-r0
2.7.6-r1
2.7.6-r2
2.7.6-r3
2.7.6-r4
2.7.6-r5
2.7.6-r6
2.7.6-r7
2.7.6-r8
2.7.6-r9
2.7.6-r10
2.7.6-r11
2.7.6-r12
2.7.7-r0
2.7.7-r1
2.7.7-r2
2.7.7-r3
2.7.7-r4
2.7.7-r5
2.7.9-r0
2.7.9-r1
2.7.9-r2
2.7.9-r3
2.7.9-r4

3.*

3.2.0.12-r1
3.2.0.12-r2
3.2.0.12-r3
3.2.0.12-r4
3.2.0.13-r0
3.2.0.16-r0
3.2.0.17-r0
3.2.0.17-r1
3.2.0.17-r2
3.2.0.18-r0
3.2.0.18-r1
3.2.0.19-r0
3.2.0.19-r1
3.2.2-r0
3.2.3-r0
3.2.4-r0
3.2.5-r0
3.2.6-r0
3.2.6-r1
3.2.7-r1
3.2.7-r2
3.3.2-r0
3.3.3-r0
3.3.4-r0
3.3.5-r0
3.3.6-r0
3.3.7-r0
3.3.8-r0
3.3.8-r1
3.3.9-r0
3.3.10-r0
3.3.11-r0
3.3.11-r1
3.4.5-r0
3.4.6-r0
3.4.6-r1
3.4.7-r0
3.4.8-r0
3.4.9-r0
3.4.10-r0
3.4.11-r0
3.4.12-r0
3.5.2-r0
3.5.2-r1
3.5.3-r0
3.5.4-r0
3.5.4-r1
3.5.5-r0
3.5.6-r0
3.5.6-r1
3.5.7-r0
3.5.8-r0
3.5.10-r0
3.5.11-r0
3.5.12-r0
3.5.13-r0
3.5.14-r0
3.5.14-r1
3.5.15-r0
3.5.15-r1
3.5.16-r0
3.5.17-r0
3.5.17-r1
3.5.19-r0
3.5.19-r1
3.5.20-r0
3.5.20-r1
3.5.20-r2
3.5.22-r0
3.5.23-r0
3.5.23-r1
3.5.23-r2
3.5.23-r3
3.5.23-r4
3.5.27-r0
3.5.27-r1
3.5.27-r2
3.5.28-r0

4.*

4.2-r0
4.2-r1
4.4-r0
4.4-r1
4.6-r0
4.6-r1
4.8-r0
4.8-r1
4.9-r0
4.10-r0
4.11-r0
4.12-r0
4.13-r0

5.*

5.0.4-r0
5.0.4-r1
5.0.5-r0
5.0.6-r0
5.0.7-r0
5.0.7-r1
5.1-r0
5.1-r1
5.2-r0
5.3-r0
5.4-r0
5.4.1-r0
5.5-r0
5.6-r0
5.6-r1
5.6-r2
5.6-r3
5.7-r0
5.7-r1
5.9-r0
5.9-r1

6.*

6.1-r0
6.2-r0
6.2-r1
6.3-r0
6.4-r0
6.5-r0

Debian:11 / squid

Package

Name
squid
Purl
pkg:deb/debian/squid?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.13-10+deb11u3

Affected versions

4.*

4.13-10
4.13-10+deb11u1
4.13-10+deb11u2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / squid

Package

Name
squid
Purl
pkg:deb/debian/squid?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.7-2+deb12u1

Affected versions

5.*

5.7-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / squid

Package

Name
squid
Purl
pkg:deb/debian/squid?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.6-1

Affected versions

5.*

5.7-2

6.*

6.1-1
6.1-2
6.3-1
6.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/squid-cache/squid

Affected ranges

Type
GIT
Repo
https://github.com/squid-cache/squid
Events

Affected versions

Other

SQUID_6_0_1
SQUID_6_0_2
SQUID_6_0_3
SQUID_6_1
SQUID_6_2
SQUID_6_3
SQUID_6_4
SQUID_6_5