CVE-2023-50269

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-50269

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-50269.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-50269

Aliases

GHSA-wgq4-4cfg-c4x3

Related

Published

2023-12-14T18:15:45Z

Modified

2024-09-18T03:15:53.093627Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the followxforwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.

References

Affected packages

Alpine:v3.19 / squid

Package

Name: squid
Purl: pkg:apk/alpine/squid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6-r0

Affected versions

2.*

2.7.6-r0

2.7.6-r1

2.7.6-r2

2.7.6-r3

2.7.6-r4

2.7.6-r5

2.7.6-r6

2.7.6-r7

2.7.6-r8

2.7.6-r9

2.7.6-r10

2.7.6-r11

2.7.6-r12

2.7.7-r0

2.7.7-r1

2.7.7-r2

2.7.7-r3

2.7.7-r4

2.7.7-r5

2.7.9-r0

2.7.9-r1

2.7.9-r2

2.7.9-r3

2.7.9-r4

3.*

3.2.0.12-r1

3.2.0.12-r2

3.2.0.12-r3

3.2.0.12-r4

3.2.0.13-r0

3.2.0.16-r0

3.2.0.17-r0

3.2.0.17-r1

3.2.0.17-r2

3.2.0.18-r0

3.2.0.18-r1

3.2.0.19-r0

3.2.0.19-r1

3.2.2-r0

3.2.3-r0

3.2.4-r0

3.2.5-r0

3.2.6-r0

3.2.6-r1

3.2.7-r1

3.2.7-r2

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.3.5-r0

3.3.6-r0

3.3.7-r0

3.3.8-r0

3.3.8-r1

3.3.9-r0

3.3.10-r0

3.3.11-r0

3.3.11-r1

3.4.5-r0

3.4.6-r0

3.4.6-r1

3.4.7-r0

3.4.8-r0

3.4.9-r0

3.4.10-r0

3.4.11-r0

3.4.12-r0

3.5.2-r0

3.5.2-r1

3.5.3-r0

3.5.4-r0

3.5.4-r1

3.5.5-r0

3.5.6-r0

3.5.6-r1

3.5.7-r0

3.5.8-r0

3.5.10-r0

3.5.11-r0

3.5.12-r0

3.5.13-r0

3.5.14-r0

3.5.14-r1

3.5.15-r0

3.5.15-r1

3.5.16-r0

3.5.17-r0

3.5.17-r1

3.5.19-r0

3.5.19-r1

3.5.20-r0

3.5.20-r1

3.5.20-r2

3.5.22-r0

3.5.23-r0

3.5.23-r1

3.5.23-r2

3.5.23-r3

3.5.23-r4

3.5.27-r0

3.5.27-r1

3.5.27-r2

3.5.28-r0

4.*

4.2-r0

4.2-r1

4.4-r0

4.4-r1

4.6-r0

4.6-r1

4.8-r0

4.8-r1

4.9-r0

4.10-r0

4.11-r0

4.12-r0

4.13-r0

5.*

5.0.4-r0

5.0.4-r1

5.0.5-r0

5.0.6-r0

5.0.7-r0

5.0.7-r1

5.1-r0

5.1-r1

5.2-r0

5.3-r0

5.4-r0

5.4.1-r0

5.5-r0

5.6-r0

5.6-r1

5.6-r2

5.6-r3

5.7-r0

5.7-r1

5.9-r0

5.9-r1

6.*

6.1-r0

6.2-r0

6.2-r1

6.3-r0

6.4-r0

6.5-r0

Alpine:v3.20 / squid

Package

Name: squid
Purl: pkg:apk/alpine/squid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6-r0

Affected versions

2.*

2.7.6-r0

2.7.6-r1

2.7.6-r2

2.7.6-r3

2.7.6-r4

2.7.6-r5

2.7.6-r6

2.7.6-r7

2.7.6-r8

2.7.6-r9

2.7.6-r10

2.7.6-r11

2.7.6-r12

2.7.7-r0

2.7.7-r1

2.7.7-r2

2.7.7-r3

2.7.7-r4

2.7.7-r5

2.7.9-r0

2.7.9-r1

2.7.9-r2

2.7.9-r3

2.7.9-r4

3.*

3.2.0.12-r1

3.2.0.12-r2

3.2.0.12-r3

3.2.0.12-r4

3.2.0.13-r0

3.2.0.16-r0

3.2.0.17-r0

3.2.0.17-r1

3.2.0.17-r2

3.2.0.18-r0

3.2.0.18-r1

3.2.0.19-r0

3.2.0.19-r1

3.2.2-r0

3.2.3-r0

3.2.4-r0

3.2.5-r0

3.2.6-r0

3.2.6-r1

3.2.7-r1

3.2.7-r2

3.3.2-r0

3.3.3-r0

3.3.4-r0

3.3.5-r0

3.3.6-r0

3.3.7-r0

3.3.8-r0

3.3.8-r1

3.3.9-r0

3.3.10-r0

3.3.11-r0

3.3.11-r1

3.4.5-r0

3.4.6-r0

3.4.6-r1

3.4.7-r0

3.4.8-r0

3.4.9-r0

3.4.10-r0

3.4.11-r0

3.4.12-r0

3.5.2-r0

3.5.2-r1

3.5.3-r0

3.5.4-r0

3.5.4-r1

3.5.5-r0

3.5.6-r0

3.5.6-r1

3.5.7-r0

3.5.8-r0

3.5.10-r0

3.5.11-r0

3.5.12-r0

3.5.13-r0

3.5.14-r0

3.5.14-r1

3.5.15-r0

3.5.15-r1

3.5.16-r0

3.5.17-r0

3.5.17-r1

3.5.19-r0

3.5.19-r1

3.5.20-r0

3.5.20-r1

3.5.20-r2

3.5.22-r0

3.5.23-r0

3.5.23-r1

3.5.23-r2

3.5.23-r3

3.5.23-r4

3.5.27-r0

3.5.27-r1

3.5.27-r2

3.5.28-r0

4.*

4.2-r0

4.2-r1

4.4-r0

4.4-r1

4.6-r0

4.6-r1

4.8-r0

4.8-r1

4.9-r0

4.10-r0

4.11-r0

4.12-r0

4.13-r0

5.*

5.0.4-r0

5.0.4-r1

5.0.5-r0

5.0.6-r0

5.0.7-r0

5.0.7-r1

5.1-r0

5.1-r1

5.2-r0

5.3-r0

5.4-r0

5.4.1-r0

5.5-r0

5.6-r0

5.6-r1

5.6-r2

5.6-r3

5.7-r0

5.7-r1

5.9-r0

5.9-r1

6.*

6.1-r0

6.2-r0

6.2-r1

6.3-r0

6.4-r0

6.5-r0

Debian:11 / squid

Package

Name: squid
Purl: pkg:deb/debian/squid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.13-10+deb11u3

Affected versions

4.*

4.13-10

4.13-10+deb11u1

4.13-10+deb11u2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / squid

Package

Name: squid
Purl: pkg:deb/debian/squid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.7-2+deb12u1

Affected versions

5.*

5.7-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / squid

Package

Name: squid
Purl: pkg:deb/debian/squid?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6-1

Affected versions

5.*

5.7-2

6.*

6.1-1

6.1-2

6.3-1

6.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/squid-cache/squid

Affected ranges

Type: GIT
Repo: https://github.com/squid-cache/squid
Events: Introduced

ef1e128ce5a9733ae57d6595806bb832de389446

Last affected

03c8a93e863f873b5d6ff45adb786db447cabcd6

Introduced

f188960023551b2e9cb2a9df245b92bfeef37056

Last affected

20d1c7236c7493b1f8b7e47f2e2afc529232071c

Affected versions

Other

M-staged-PR161

M-staged-PR164

M-staged-PR170

M-staged-PR176

M-staged-PR179

M-staged-PR181

M-staged-PR182

M-staged-PR186

M-staged-PR189

M-staged-PR193

M-staged-PR195

M-staged-PR196

M-staged-PR198

M-staged-PR199

M-staged-PR200

M-staged-PR202

M-staged-PR206

M-staged-PR208

M-staged-PR209

M-staged-PR210

M-staged-PR218

M-staged-PR220

M-staged-PR221

M-staged-PR225

M-staged-PR227

M-staged-PR229

M-staged-PR230

M-staged-PR235

M-staged-PR237

M-staged-PR238

M-staged-PR239

M-staged-PR241

M-staged-PR242

M-staged-PR252

M-staged-PR255

M-staged-PR258

M-staged-PR264

M-staged-PR266

M-staged-PR267

M-staged-PR268

M-staged-PR274

M-staged-PR276

M-staged-PR293

M-staged-PR294

M-staged-PR295

M-staged-PR299

M-staged-PR306

M-staged-PR314

M-staged-PR319

M-staged-PR342

M-staged-PR345

M-staged-PR348

M-staged-PR351

M-staged-PR359

M-staged-PR364

M-staged-PR365

M-staged-PR366

M-staged-PR370

M-staged-PR372

M-staged-PR373

M-staged-PR375

M-staged-PR376

SQUID_3_5_27

SQUID_4_0_1

SQUID_4_0_10

SQUID_4_0_11

SQUID_4_0_12

SQUID_4_0_13

SQUID_4_0_14

SQUID_4_0_15

SQUID_4_0_16

SQUID_4_0_2

SQUID_4_0_3

SQUID_4_0_4

SQUID_4_0_5

SQUID_4_0_6

SQUID_4_0_7

SQUID_4_0_8

SQUID_4_0_9

SQUID_5_0_1

SQUID_5_0_2

SQUID_5_0_3

SQUID_5_0_4

SQUID_5_0_5

SQUID_5_0_6

SQUID_5_0_7

SQUID_5_1

SQUID_5_2

SQUID_5_3

SQUID_5_4_1

SQUID_5_5

SQUID_5_6

SQUID_5_7

SQUID_5_8

SQUID_5_9

SQUID_6_0_1

SQUID_6_0_2

SQUID_6_0_3

SQUID_6_1

SQUID_6_2

SQUID_6_3

SQUID_6_4

SQUID_6_5

merge-candidate-3-v1

merge-candidate-3-v2