CVE-2023-50269

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-50269

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50269.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-50269

Related

Published

2023-12-14T18:15:45Z

Modified

2025-01-15T05:02:45.442899Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the followxforwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.

References

Affected packages

Alpine:v3.19 / squid

Package

Name: squid
Purl: pkg:apk/alpine/squid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6-r0

Affected versions

2.*

2.7.6-r0

2.7.6-r1

2.7.6-r2

2.7.6-r3

2.7.6-r4

2.7.6-r5

2.7.6-r6

2.7.6-r7

2.7.6-r8

2.7.6-r9

2.7.6-r10

2.7.6-r11

2.7.6-r12

2.7.7-r0

2.7.7-r1

2.7.7-r2

2.7.7-r3

2.7.7-r4

2.7.7-r5

2.7.9-r0

2.7.9-r1

2.7.9-r2

2.7.9-r3

2.7.9-r4

3.*

3.2.0.12-r1

3.2.0.12-r2

3.2.0.12-r3

3.2.0.12-r4

3.2.0.13-r0

3.2.0.16-r0

3.2.0.17-r0

3.2.0.17-r1

3.2.0.17-r2

3.2.0.18-r0

3.2.0.18-r1

3.2.0.19-r0

3.2.0.19-r1

3.2.2-r0

3.2.3-r0

3.2.4-r0

3.2.5-r0

3.2.6-r0

3.2.6-r1

3.2.7-r1

3.2.7-r2

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.3.5-r0

3.3.6-r0

3.3.7-r0

3.3.8-r0

3.3.8-r1

3.3.9-r0

3.3.10-r0

3.3.11-r0

3.3.11-r1

3.4.5-r0

3.4.6-r0

3.4.6-r1

3.4.7-r0

3.4.8-r0

3.4.9-r0

3.4.10-r0

3.4.11-r0

3.4.12-r0

3.5.2-r0

3.5.2-r1

3.5.3-r0

3.5.4-r0

3.5.4-r1

3.5.5-r0

3.5.6-r0

3.5.6-r1

3.5.7-r0

3.5.8-r0

3.5.10-r0

3.5.11-r0

3.5.12-r0

3.5.13-r0

3.5.14-r0

3.5.14-r1

3.5.15-r0

3.5.15-r1

3.5.16-r0

3.5.17-r0

3.5.17-r1

3.5.19-r0

3.5.19-r1

3.5.20-r0

3.5.20-r1

3.5.20-r2

3.5.22-r0

3.5.23-r0

3.5.23-r1

3.5.23-r2

3.5.23-r3

3.5.23-r4

3.5.27-r0

3.5.27-r1

3.5.27-r2

3.5.28-r0

4.*

4.2-r0

4.2-r1

4.4-r0

4.4-r1

4.6-r0

4.6-r1

4.8-r0

4.8-r1

4.9-r0

4.10-r0

4.11-r0

4.12-r0

4.13-r0

5.*

5.0.4-r0

5.0.4-r1

5.0.5-r0

5.0.6-r0

5.0.7-r0

5.0.7-r1

5.1-r0

5.1-r1

5.2-r0

5.3-r0

5.4-r0

5.4.1-r0

5.5-r0

5.6-r0

5.6-r1

5.6-r2

5.6-r3

5.7-r0

5.7-r1

5.9-r0

5.9-r1

6.*

6.1-r0

6.2-r0

6.2-r1

6.3-r0

6.4-r0

6.5-r0

Alpine:v3.20 / squid

Package

Name: squid
Purl: pkg:apk/alpine/squid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6-r0

Affected versions

2.*

2.7.6-r0

2.7.6-r1

2.7.6-r2

2.7.6-r3

2.7.6-r4

2.7.6-r5

2.7.6-r6

2.7.6-r7

2.7.6-r8

2.7.6-r9

2.7.6-r10

2.7.6-r11

2.7.6-r12

2.7.7-r0

2.7.7-r1

2.7.7-r2

2.7.7-r3

2.7.7-r4

2.7.7-r5

2.7.9-r0

2.7.9-r1

2.7.9-r2

2.7.9-r3

2.7.9-r4

3.*

3.2.0.12-r1

3.2.0.12-r2

3.2.0.12-r3

3.2.0.12-r4

3.2.0.13-r0

3.2.0.16-r0

3.2.0.17-r0

3.2.0.17-r1

3.2.0.17-r2

3.2.0.18-r0

3.2.0.18-r1

3.2.0.19-r0

3.2.0.19-r1

3.2.2-r0

3.2.3-r0

3.2.4-r0

3.2.5-r0

3.2.6-r0

3.2.6-r1

3.2.7-r1

3.2.7-r2

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.3.5-r0

3.3.6-r0

3.3.7-r0

3.3.8-r0

3.3.8-r1

3.3.9-r0

3.3.10-r0

3.3.11-r0

3.3.11-r1

3.4.5-r0

3.4.6-r0

3.4.6-r1

3.4.7-r0

3.4.8-r0

3.4.9-r0

3.4.10-r0

3.4.11-r0

3.4.12-r0

3.5.2-r0

3.5.2-r1

3.5.3-r0

3.5.4-r0

3.5.4-r1

3.5.5-r0

3.5.6-r0

3.5.6-r1

3.5.7-r0

3.5.8-r0

3.5.10-r0

3.5.11-r0

3.5.12-r0

3.5.13-r0

3.5.14-r0

3.5.14-r1

3.5.15-r0

3.5.15-r1

3.5.16-r0

3.5.17-r0

3.5.17-r1

3.5.19-r0

3.5.19-r1

3.5.20-r0

3.5.20-r1

3.5.20-r2

3.5.22-r0

3.5.23-r0

3.5.23-r1

3.5.23-r2

3.5.23-r3

3.5.23-r4

3.5.27-r0

3.5.27-r1

3.5.27-r2

3.5.28-r0

4.*

4.2-r0

4.2-r1

4.4-r0

4.4-r1

4.6-r0

4.6-r1

4.8-r0

4.8-r1

4.9-r0

4.10-r0

4.11-r0

4.12-r0

4.13-r0

5.*

5.0.4-r0

5.0.4-r1

5.0.5-r0

5.0.6-r0

5.0.7-r0

5.0.7-r1

5.1-r0

5.1-r1

5.2-r0

5.3-r0

5.4-r0

5.4.1-r0

5.5-r0

5.6-r0

5.6-r1

5.6-r2

5.6-r3

5.7-r0

5.7-r1

5.9-r0

5.9-r1

6.*

6.1-r0

6.2-r0

6.2-r1

6.3-r0

6.4-r0

6.5-r0

Alpine:v3.21 / squid

Package

Name: squid
Purl: pkg:apk/alpine/squid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6-r0

Affected versions

2.*

2.7.6-r0

2.7.6-r1

2.7.6-r2

2.7.6-r3

2.7.6-r4

2.7.6-r5

2.7.6-r6

2.7.6-r7

2.7.6-r8

2.7.6-r9

2.7.6-r10

2.7.6-r11

2.7.6-r12

2.7.7-r0

2.7.7-r1

2.7.7-r2

2.7.7-r3

2.7.7-r4

2.7.7-r5

2.7.9-r0

2.7.9-r1

2.7.9-r2

2.7.9-r3

2.7.9-r4

3.*

3.2.0.12-r1

3.2.0.12-r2

3.2.0.12-r3

3.2.0.12-r4

3.2.0.13-r0

3.2.0.16-r0

3.2.0.17-r0

3.2.0.17-r1

3.2.0.17-r2

3.2.0.18-r0

3.2.0.18-r1

3.2.0.19-r0

3.2.0.19-r1

3.2.2-r0

3.2.3-r0

3.2.4-r0

3.2.5-r0

3.2.6-r0

3.2.6-r1

3.2.7-r1

3.2.7-r2

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.3.5-r0

3.3.6-r0

3.3.7-r0

3.3.8-r0

3.3.8-r1

3.3.9-r0

3.3.10-r0

3.3.11-r0

3.3.11-r1

3.4.5-r0

3.4.6-r0

3.4.6-r1

3.4.7-r0

3.4.8-r0

3.4.9-r0

3.4.10-r0

3.4.11-r0

3.4.12-r0

3.5.2-r0

3.5.2-r1

3.5.3-r0

3.5.4-r0

3.5.4-r1

3.5.5-r0

3.5.6-r0

3.5.6-r1

3.5.7-r0

3.5.8-r0

3.5.10-r0

3.5.11-r0

3.5.12-r0

3.5.13-r0

3.5.14-r0

3.5.14-r1

3.5.15-r0

3.5.15-r1

3.5.16-r0

3.5.17-r0

3.5.17-r1

3.5.19-r0

3.5.19-r1

3.5.20-r0

3.5.20-r1

3.5.20-r2

3.5.22-r0

3.5.23-r0

3.5.23-r1

3.5.23-r2

3.5.23-r3

3.5.23-r4

3.5.27-r0

3.5.27-r1

3.5.27-r2

3.5.28-r0

4.*

4.2-r0

4.2-r1

4.4-r0

4.4-r1

4.6-r0

4.6-r1

4.8-r0

4.8-r1

4.9-r0

4.10-r0

4.11-r0

4.12-r0

4.13-r0

5.*

5.0.4-r0

5.0.4-r1

5.0.5-r0

5.0.6-r0

5.0.7-r0

5.0.7-r1

5.1-r0

5.1-r1

5.2-r0

5.3-r0

5.4-r0

5.4.1-r0

5.5-r0

5.6-r0

5.6-r1

5.6-r2

5.6-r3

5.7-r0

5.7-r1

5.9-r0

5.9-r1

6.*

6.1-r0

6.2-r0

6.2-r1

6.3-r0

6.4-r0

6.5-r0

Debian:11 / squid

Package

Name: squid
Purl: pkg:deb/debian/squid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.13-10+deb11u3

Affected versions

4.*

4.13-10

4.13-10+deb11u1

4.13-10+deb11u2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / squid

Package

Name: squid
Purl: pkg:deb/debian/squid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.7-2+deb12u1

Affected versions

5.*

5.7-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / squid

Package

Name: squid
Purl: pkg:deb/debian/squid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6-1

Affected versions

5.*

5.7-2

6.*

6.1-1

6.1-2

6.3-1

6.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/squid-cache/squid

Affected ranges

Type: GIT
Repo: https://github.com/squid-cache/squid
Events: Introduced

ef1e128ce5a9733ae57d6595806bb832de389446

Last affected

03c8a93e863f873b5d6ff45adb786db447cabcd6

Last affected

20d1c7236c7493b1f8b7e47f2e2afc529232071c

Affected versions

Other

SQUID_6_0_1

SQUID_6_0_2

SQUID_6_0_3

SQUID_6_1

SQUID_6_2

SQUID_6_3

SQUID_6_4

SQUID_6_5