CVE-2023-49286

Denial of Service in Helper Process management

Description

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Link	Tags
https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27	vendor advisory
https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264	patch
http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch	broken link
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/
https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html
https://security.netapp.com/advisory/ntap-20240119-0004/

Frequently Asked Questions

What is the severity of CVE-2023-49286?: CVE-2023-49286 has been scored as a high severity vulnerability.
How to fix CVE-2023-49286?: To fix CVE-2023-49286, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-49286 being actively exploited in the wild?: It is possible that CVE-2023-49286 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~2% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-49286?: CVE-2023-49286 affects squid-cache squid.

Description

Categories

CWE-253 – Incorrect Check of Function Return Value

CWE-617 – Reachable Assertion

References

Frequently Asked Questions