Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-46724 (GCVE-0-2023-46724)
Vulnerability from cvelistv5 – Published: 2023-11-01 19:09 – Updated: 2025-02-13 17:14
VLAI
EPSS
Title
SQUID-2023:4 Denial of Service in SSL Certificate validation
Summary
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.
Severity
8.6 (High)
CWE
Assigner
References
7 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid |
Affected:
>= 3.3.0.1, < 6.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:53:20.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3"
},
{
"name": "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810"
},
{
"name": "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231208-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46724",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-05T20:13:11.511935Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-05T20:13:29.792Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "squid",
"vendor": "squid-cache",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.3.0.1, \u003c 6.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid\u0027s patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-129",
"description": "CWE-129: Improper Validation of Array Index",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-786",
"description": "CWE-786: Access of Memory Location Before Start of Buffer",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-823",
"description": "CWE-823: Use of Out-of-range Pointer Offset",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-1285",
"description": "CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-29T03:06:29.936Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3"
},
{
"name": "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810"
},
{
"name": "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch",
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch",
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231208-0001/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
}
],
"source": {
"advisory": "GHSA-73m6-jm96-c6r3",
"discovery": "UNKNOWN"
},
"title": "SQUID-2023:4 Denial of Service in SSL Certificate validation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-46724",
"datePublished": "2023-11-01T19:09:34.513Z",
"dateReserved": "2023-10-25T14:30:33.751Z",
"dateUpdated": "2025-02-13T17:14:32.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-46724",
"date": "2026-05-29",
"epss": "0.00447",
"percentile": "0.63812"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-46724\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-11-01T20:15:08.800\",\"lastModified\":\"2025-02-13T18:15:36.657\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid\u0027s patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.\"},{\"lang\":\"es\",\"value\":\"Squid es un proxy de almacenamiento en cach\u00e9 para la Web. Debido a un error de validaci\u00f3n incorrecta del \u00edndice especificado, las versiones de Squid 3.3.0.1 a 5.9 y 6.0 anteriores a 6.4 compiladas usando `--with-openssl` son vulnerables a un ataque de Denegaci\u00f3n de Servicio contra la validaci\u00f3n del certificado SSL. Este problema permite que un servidor remoto realice una denegaci\u00f3n de servicio contra Squid Proxy iniciando un protocolo de enlace TLS con un certificado SSL especialmente manipulado en una cadena de certificados de servidor. Este ataque se limita a HTTPS y SSL-Bump. Este error se solucion\u00f3 en la versi\u00f3n 6.4 de Squid. Adem\u00e1s, los parches que solucionan este problema para las versiones estables se pueden encontrar en los archivos de parches de Squid. Aquellos que utilicen una versi\u00f3n empaquetada de Squid deben consultar al proveedor del paquete para obtener informaci\u00f3n sobre la disponibilidad de paquetes actualizados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\",\"baseScore\":8.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"},{\"lang\":\"en\",\"value\":\"CWE-129\"},{\"lang\":\"en\",\"value\":\"CWE-786\"},{\"lang\":\"en\",\"value\":\"CWE-823\"},{\"lang\":\"en\",\"value\":\"CWE-1285\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.3.0.1\",\"versionEndExcluding\":\"6.4\",\"matchCriteriaId\":\"E8CC0157-8647-4BC3-AD22-4325B85D8A78\"}]}]}],\"references\":[{\"url\":\"http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20231208-0001/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20231208-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3\", \"name\": \"https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810\", \"name\": \"https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch\", \"name\": \"http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch\", \"name\": \"http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231208-0001/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T20:53:20.863Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-46724\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-05T20:13:11.511935Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-05T20:13:25.288Z\"}}], \"cna\": {\"title\": \"SQUID-2023:4 Denial of Service in SSL Certificate validation\", \"source\": {\"advisory\": \"GHSA-73m6-jm96-c6r3\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"squid-cache\", \"product\": \"squid\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 3.3.0.1, \u003c 6.4\"}]}], \"references\": [{\"url\": \"https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3\", \"name\": \"https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810\", \"name\": \"https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch\", \"name\": \"http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch\", \"name\": \"http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231208-0001/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid\u0027s patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125: Out-of-bounds Read\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-129\", \"description\": \"CWE-129: Improper Validation of Array Index\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-786\", \"description\": \"CWE-786: Access of Memory Location Before Start of Buffer\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-823\", \"description\": \"CWE-823: Use of Out-of-range Pointer Offset\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1285\", \"description\": \"CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-12-29T03:06:29.936Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-46724\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T17:14:32.361Z\", \"dateReserved\": \"2023-10-25T14:30:33.751Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-11-01T19:09:34.513Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
alsa-2024:0046
Vulnerability from osv_almalinux
Published
2024-01-03 00:00
Modified
2024-01-08 14:59
Summary
Important: squid:4 security update
Details
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Security Fix(es):
- squid: Denial of Service in SSL Certificate validation (CVE-2023-46724)
- squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728)
- squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285)
- squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libecap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.1-2.module_el8.6.0+2741+01592ae8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libecap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.1-2.module_el8.6.0+3048+383bc947"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libecap-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.1-2.module_el8.6.0+2741+01592ae8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libecap-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.1-2.module_el8.6.0+3048+383bc947"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "squid"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7:4.15-7.module_el8.9.0+3708+6acaac63.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.\n\nSecurity Fix(es):\n\n* squid: Denial of Service in SSL Certificate validation (CVE-2023-46724)\n* squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728)\n* squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285)\n* squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:0046",
"modified": "2024-01-08T14:59:53Z",
"published": "2024-01-03T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:0046"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-46724"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-46728"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-49285"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-49286"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2247567"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2248521"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2252923"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2252926"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2024-0046.html"
}
],
"related": [
"CVE-2023-46724",
"CVE-2023-46728",
"CVE-2023-49285",
"CVE-2023-49286"
],
"summary": "Important: squid:4 security update"
}
alsa-2024:0071
Vulnerability from osv_almalinux
Published
2024-01-08 00:00
Modified
2024-01-08 13:54
Summary
Important: squid security update
Details
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Security Fix(es):
- squid: Denial of Service in SSL Certificate validation (CVE-2023-46724)
- squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728)
- squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285)
- squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "squid"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7:5.5-6.el9_3.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.\n\nSecurity Fix(es):\n\n* squid: Denial of Service in SSL Certificate validation (CVE-2023-46724)\n* squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728)\n* squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285)\n* squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:0071",
"modified": "2024-01-08T13:54:39Z",
"published": "2024-01-08T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:0071"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-46724"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-46728"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-49285"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-49286"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2247567"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2248521"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2252923"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2252926"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2024-0071.html"
}
],
"related": [
"CVE-2023-46724",
"CVE-2023-46728",
"CVE-2023-49285",
"CVE-2023-49286"
],
"summary": "Important: squid security update"
}
Title
Уязвимость прокси-сервера Squid, связанная с ошибками при проверке сертификата SSL/TLS, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость прокси-сервера Squid связана с ошибками при проверке сертификата SSL/TLS. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании
Severity
Vendor
АО «ИВК», АО «НТЦ ИТ РОСА», Squid Software Foundation, АО "НППКТ"
Software Name
Альт 8 СП (запись в едином реестре российских программ №4305), РОСА Кобальт (запись в едином реестре российских программ №1999), РОСА ХРОМ (запись в едином реестре российских программ №1607), Squid, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)
Software Version
- (Альт 8 СП), 7.9 (РОСА Кобальт), 12.4 (РОСА ХРОМ), от 3.3.0.1 до 6.4 (Squid), до 2.10 (ОСОН ОСнова Оnyx)
Possible Mitigations
Установка обновлений из доверенных источников.
В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков.
Компенсирующие меры:
1. Отключение функций SSL-Bump:
- удалив все опции ssl-bump из http_port и https_port;
- удалив все директивы ssl_bump из squid.conf.
2. Построение новой версии Squid, используя флаг --without-openssl.
Использование рекомендаций производителя:
http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch
http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch
https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810
https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3
Для ОС Альт 8 СП (релиз 10): установка обновления из публичного репозитория программного средства
Для ОСОН ОСнова Оnyx (версия 2.10):
Обновление программного обеспечения squid до версии 6.6-1osnova1
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Для ОС РОСА "КОБАЛЬТ": https://abf.rosa.ru/advisories/ROSA-SA-2024-2479
Для ОС РОСА "КОБАЛЬТ": https://abf.rosa.ru/advisories/ROSA-SA-2024-2479
Для операционной системы РОСА ХРОМ: https://abf.rosa.ru/advisories/ROSA-SA-2024-2477
Reference
http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch
http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch
https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810
https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3
https://altsp.su/obnovleniya-bezopasnosti/
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.10/
https://altsp.su/obnovleniya-bezopasnosti/
https://abf.rosa.ru/advisories/ROSA-SA-2024-2479
https://abf.rosa.ru/advisories/ROSA-SA-2024-2479
https://abf.rosa.ru/advisories/ROSA-SA-2024-2477
CWE
CWE-125, CWE-129, CWE-295, CWE-786, CWE-823, CWE-1285
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, Squid Software Foundation, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 7.9 (\u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442), 12.4 (\u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c), \u043e\u0442 3.3.0.1 \u0434\u043e 6.4 (Squid), \u0434\u043e 2.10 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n1. \u041e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 SSL-Bump:\n- \u0443\u0434\u0430\u043b\u0438\u0432 \u0432\u0441\u0435 \u043e\u043f\u0446\u0438\u0438 ssl-bump \u0438\u0437 http_port \u0438 https_port;\n- \u0443\u0434\u0430\u043b\u0438\u0432 \u0432\u0441\u0435 \u0434\u0438\u0440\u0435\u043a\u0442\u0438\u0432\u044b ssl_bump \u0438\u0437 squid.conf.\n2. \u041f\u043e\u0441\u0442\u0440\u043e\u0435\u043d\u0438\u0435 \u043d\u043e\u0432\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 Squid, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0444\u043b\u0430\u0433 --without-openssl.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttp://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch\nhttp://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch\nhttps://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0440\u0435\u043b\u0438\u0437 10): \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0432\u0435\u0440\u0441\u0438\u044f 2.10):\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f squid \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 6.6-1osnova1\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u041e\u0421 \u0420\u041e\u0421\u0410 \"\u041a\u041e\u0411\u0410\u041b\u042c\u0422\": https://abf.rosa.ru/advisories/ROSA-SA-2024-2479\n\n\u0414\u043b\u044f \u041e\u0421 \u0420\u041e\u0421\u0410 \"\u041a\u041e\u0411\u0410\u041b\u042c\u0422\": https://abf.rosa.ru/advisories/ROSA-SA-2024-2479\n\n\u0414\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c: https://abf.rosa.ru/advisories/ROSA-SA-2024-2477",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "01.11.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "05.03.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "13.11.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-07699",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-46724",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161999), \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), Squid, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442 7.9 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161999), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c 12.4 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.10 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u043a\u0441\u0438-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Squid, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0435 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 SSL/TLS, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125), \u041d\u0435\u043f\u0440\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u043e\u0435 \u0438\u043d\u0434\u0435\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u043c\u0430\u0441\u0441\u0438\u0432\u0430 (CWE-129), \u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0435 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u0435 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 (CWE-295), \u0414\u043e\u0441\u0442\u0443\u043f \u043a \u044f\u0447\u0435\u0439\u043a\u0435 \u043f\u0430\u043c\u044f\u0442\u0438, \u043f\u0440\u0435\u0434\u0448\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u0439 \u043d\u0430\u0447\u0430\u043b\u0443 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-786), \u0421\u043c\u0435\u0449\u0435\u043d\u0438\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f \u0437\u0430 \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u044b\u0435 \u0433\u0440\u0430\u043d\u0438\u0446\u044b (CWE-823), \u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u043e\u0433\u043e \u0438\u043d\u0434\u0435\u043a\u0441\u0430, \u043f\u043e\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u0438\u043b\u0438 \u0441\u043c\u0435\u0449\u0435\u043d\u0438\u044f (CWE-1285)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u043a\u0441\u0438-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Squid \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0435 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 SSL/TLS. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438, \u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445, \u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch\nhttp://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch\nhttps://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.10/\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://abf.rosa.ru/advisories/ROSA-SA-2024-2479\nhttps://abf.rosa.ru/advisories/ROSA-SA-2024-2479\nhttps://abf.rosa.ru/advisories/ROSA-SA-2024-2477",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125, CWE-129, CWE-295, CWE-786, CWE-823, CWE-1285",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,6)"
}
CERTFR-2023-AVI-0902
Vulnerability from certfr_avis - Published: 2023-11-02 - Updated: 2023-11-02
Une vulnérabilité a été découverte dans Squid. Elle permet à un attaquant de provoquer un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Squid versions 3.3.0.1 \u00e0 6.3.x ant\u00e9rieures \u00e0 6.4",
"product": {
"name": "Squid",
"vendor": {
"name": "Squid",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-46724",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46724"
}
],
"initial_release_date": "2023-11-02T00:00:00",
"last_revision_date": "2023-11-02T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0902",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-11-02T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Squid. Elle permet \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Squid",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Squid CVE-2023-46724 du 01 novembre 2023",
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3"
}
]
}
CERTFR-2024-AVI-0354
Vulnerability from certfr_avis - Published: 2024-04-29 - Updated: 2024-04-29
De multiples vulnérabilités ont été découvertes dans les produits Qnap. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Qnap | N/A | QuTScloud versions c5.x antérieures à c5.1.5.2651 | ||
| Qnap | QTS | QTS versions 5.1.x antérieures à 5.1.6.2722 build 20240402 | ||
| Qnap | QTS | QTS versions 4.5.x antérieures à 4.5.4.2627 build 20231225 | ||
| Qnap | QuTS hero | QuTS hero versions h4.5.x antérieures à h4.5.4.2626 build 20231225 | ||
| Qnap | N/A | myQNAPcloud versions 1.0.x antérieures à 1.0.52 | ||
| Qnap | N/A | Proxy Server versions 1.4.x antérieures à 1.4.6 | ||
| Qnap | N/A | myQNAPcloud Link versions 2.4.x antérieures à 2.4.51 | ||
| Qnap | N/A | Media Streaming add-on versions 500.1.x antérieures à 500.1.1.5 | ||
| Qnap | QuTS hero | QuTS hero versions h5.1.x antérieures à h5.1.6.2734 build 20240414 | ||
| Qnap | N/A | QuFirewall versions 2.4.x antérieures à 2.4.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QuTScloud versions c5.x ant\u00e9rieures \u00e0 c5.1.5.2651",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QTS versions 5.1.x ant\u00e9rieures \u00e0 5.1.6.2722 build 20240402",
"product": {
"name": "QTS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QTS versions 4.5.x ant\u00e9rieures \u00e0 4.5.4.2627 build 20231225",
"product": {
"name": "QTS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuTS hero versions h4.5.x ant\u00e9rieures \u00e0 h4.5.4.2626 build 20231225",
"product": {
"name": "QuTS hero",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "myQNAPcloud versions 1.0.x ant\u00e9rieures \u00e0 1.0.52",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Proxy Server versions 1.4.x ant\u00e9rieures \u00e0 1.4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "myQNAPcloud Link versions 2.4.x ant\u00e9rieures \u00e0 2.4.51",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Media Streaming add-on versions 500.1.x ant\u00e9rieures \u00e0 500.1.1.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuTS hero versions h5.1.x ant\u00e9rieures \u00e0 h5.1.6.2734 build 20240414",
"product": {
"name": "QuTS hero",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuFirewall versions 2.4.x ant\u00e9rieures \u00e0 2.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-32766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32766"
},
{
"name": "CVE-2023-5824",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5824"
},
{
"name": "CVE-2024-27124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27124"
},
{
"name": "CVE-2023-50363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50363"
},
{
"name": "CVE-2023-46846",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46846"
},
{
"name": "CVE-2023-46847",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46847"
},
{
"name": "CVE-2023-41290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41290"
},
{
"name": "CVE-2024-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21905"
},
{
"name": "CVE-2023-46724",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46724"
},
{
"name": "CVE-2024-21900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21900"
},
{
"name": "CVE-2023-41291",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41291"
},
{
"name": "CVE-2023-51365",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51365"
},
{
"name": "CVE-2024-21901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21901"
},
{
"name": "CVE-2024-32764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32764"
},
{
"name": "CVE-2023-50364",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50364"
},
{
"name": "CVE-2024-21899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21899"
},
{
"name": "CVE-2023-51364",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51364"
},
{
"name": "CVE-2023-50362",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50362"
},
{
"name": "CVE-2023-47222",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47222"
},
{
"name": "CVE-2023-50361",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50361"
}
],
"initial_release_date": "2024-04-29T00:00:00",
"last_revision_date": "2024-04-29T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0354",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Qnap\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-24-16 du 26 avril 2024",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-16"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-24-15 du 26 avril 2024",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-15"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-24-18 du 26 avril 2024",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-18"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-24-14 du 26 avril 2024",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-14"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-24-20 du 26 avril 2024",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-20"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-24-17 du 26 avril 2024",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-17"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-24-09 du 09 mars 2024",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-09"
}
]
}
FKIE_CVE-2023-46724
Vulnerability from fkie_nvd - Published: 2023-11-01 20:15 - Updated: 2025-02-13 18:15
Severity
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch | Mailing List, Patch | |
| security-advisories@github.com | http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch | Mailing List, Patch | |
| security-advisories@github.com | https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810 | Patch | |
| security-advisories@github.com | https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3 | Vendor Advisory | |
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/ | ||
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/ | ||
| security-advisories@github.com | https://security.netapp.com/advisory/ntap-20231208-0001/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch | Mailing List, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch | Mailing List, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20231208-0001/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CC0157-8647-4BC3-AD22-4325B85D8A78",
"versionEndExcluding": "6.4",
"versionStartIncluding": "3.3.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid\u0027s patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages."
},
{
"lang": "es",
"value": "Squid es un proxy de almacenamiento en cach\u00e9 para la Web. Debido a un error de validaci\u00f3n incorrecta del \u00edndice especificado, las versiones de Squid 3.3.0.1 a 5.9 y 6.0 anteriores a 6.4 compiladas usando `--with-openssl` son vulnerables a un ataque de Denegaci\u00f3n de Servicio contra la validaci\u00f3n del certificado SSL. Este problema permite que un servidor remoto realice una denegaci\u00f3n de servicio contra Squid Proxy iniciando un protocolo de enlace TLS con un certificado SSL especialmente manipulado en una cadena de certificados de servidor. Este ataque se limita a HTTPS y SSL-Bump. Este error se solucion\u00f3 en la versi\u00f3n 6.4 de Squid. Adem\u00e1s, los parches que solucionan este problema para las versiones estables se pueden encontrar en los archivos de parches de Squid. Aquellos que utilicen una versi\u00f3n empaquetada de Squid deben consultar al proveedor del paquete para obtener informaci\u00f3n sobre la disponibilidad de paquetes actualizados."
}
],
"id": "CVE-2023-46724",
"lastModified": "2025-02-13T18:15:36.657",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-01T20:15:08.800",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"source": "security-advisories@github.com",
"url": "https://security.netapp.com/advisory/ntap-20231208-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20231208-0001/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-129"
},
{
"lang": "en",
"value": "CWE-786"
},
{
"lang": "en",
"value": "CWE-823"
},
{
"lang": "en",
"value": "CWE-1285"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2023-46724
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-46724",
"id": "GSD-2023-46724"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-46724"
],
"details": " Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid\u0027s patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.",
"id": "GSD-2023-46724",
"modified": "2023-12-13T01:20:53.087777Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2023-46724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "squid",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003e= 3.3.0.1, \u003c 6.4"
}
]
}
}
]
},
"vendor_name": "squid-cache"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": " Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid\u0027s patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-125",
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
},
{
"description": [
{
"cweId": "CWE-129",
"lang": "eng",
"value": "CWE-129: Improper Validation of Array Index"
}
]
},
{
"description": [
{
"cweId": "CWE-786",
"lang": "eng",
"value": "CWE-786: Access of Memory Location Before Start of Buffer"
}
]
},
{
"description": [
{
"cweId": "CWE-823",
"lang": "eng",
"value": "CWE-823: Use of Out-of-range Pointer Offset"
}
]
},
{
"description": [
{
"cweId": "CWE-1285",
"lang": "eng",
"value": "CWE-1285: Improper Validation of Specified Index, Position, or Offset in Input"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3",
"refsource": "MISC",
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3"
},
{
"name": "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810",
"refsource": "MISC",
"url": "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810"
},
{
"name": "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch"
},
{
"name": "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch"
},
{
"name": "https://security.netapp.com/advisory/ntap-20231208-0001/",
"refsource": "MISC",
"url": "https://security.netapp.com/advisory/ntap-20231208-0001/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
}
]
},
"source": {
"advisory": "GHSA-73m6-jm96-c6r3",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8CC0157-8647-4BC3-AD22-4325B85D8A78",
"versionEndExcluding": "6.4",
"versionStartIncluding": "3.3.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": " Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid\u0027s patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages."
},
{
"lang": "es",
"value": "Squid es un proxy de almacenamiento en cach\u00e9 para la Web. Debido a un error de validaci\u00f3n incorrecta del \u00edndice especificado, las versiones de Squid 3.3.0.1 a 5.9 y 6.0 anteriores a 6.4 compiladas usando `--with-openssl` son vulnerables a un ataque de Denegaci\u00f3n de Servicio contra la validaci\u00f3n del certificado SSL. Este problema permite que un servidor remoto realice una denegaci\u00f3n de servicio contra Squid Proxy iniciando un protocolo de enlace TLS con un certificado SSL especialmente manipulado en una cadena de certificados de servidor. Este ataque se limita a HTTPS y SSL-Bump. Este error se solucion\u00f3 en la versi\u00f3n 6.4 de Squid. Adem\u00e1s, los parches que solucionan este problema para las versiones estables se pueden encontrar en los archivos de parches de Squid. Aquellos que utilicen una versi\u00f3n empaquetada de Squid deben consultar al proveedor del paquete para obtener informaci\u00f3n sobre la disponibilidad de paquetes actualizados."
}
],
"id": "CVE-2023-46724",
"lastModified": "2023-12-29T03:15:10.793",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2023-11-01T20:15:08.800",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Patch"
],
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/"
},
{
"source": "security-advisories@github.com",
"url": "https://security.netapp.com/advisory/ntap-20231208-0001/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-1285"
},
{
"lang": "en",
"value": "CWE-129"
},
{
"lang": "en",
"value": "CWE-786"
},
{
"lang": "en",
"value": "CWE-823"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
}
}
}
OPENSUSE-SU-2024:13398-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
squid-6.4-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: squid-6.4-1.1 on GA media
Description of the patch: These are all security issues fixed in the squid-6.4-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13398
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.6 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
17 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2023-46724/ | self |
| https://www.suse.com/security/cve/CVE-2023-46846/ | self |
| https://www.suse.com/security/cve/CVE-2023-46847/ | self |
| https://www.suse.com/security/cve/CVE-2023-46848/ | self |
| https://www.suse.com/security/cve/CVE-2023-5824/ | self |
| https://www.suse.com/security/cve/CVE-2023-46724 | external |
| https://bugzilla.suse.com/1216803 | external |
| https://www.suse.com/security/cve/CVE-2023-46846 | external |
| https://bugzilla.suse.com/1216500 | external |
| https://www.suse.com/security/cve/CVE-2023-46847 | external |
| https://bugzilla.suse.com/1216495 | external |
| https://www.suse.com/security/cve/CVE-2023-46848 | external |
| https://bugzilla.suse.com/1216498 | external |
| https://www.suse.com/security/cve/CVE-2023-5824 | external |
| https://bugzilla.suse.com/1216496 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "squid-6.4-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the squid-6.4-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13398",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13398-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46724 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46846 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46847 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46848 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46848/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5824 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5824/"
}
],
"title": "squid-6.4-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13398-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "squid-6.4-1.1.aarch64",
"product": {
"name": "squid-6.4-1.1.aarch64",
"product_id": "squid-6.4-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-6.4-1.1.ppc64le",
"product": {
"name": "squid-6.4-1.1.ppc64le",
"product_id": "squid-6.4-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-6.4-1.1.s390x",
"product": {
"name": "squid-6.4-1.1.s390x",
"product_id": "squid-6.4-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-6.4-1.1.x86_64",
"product": {
"name": "squid-6.4-1.1.x86_64",
"product_id": "squid-6.4-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-6.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:squid-6.4-1.1.aarch64"
},
"product_reference": "squid-6.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-6.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:squid-6.4-1.1.ppc64le"
},
"product_reference": "squid-6.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-6.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:squid-6.4-1.1.s390x"
},
"product_reference": "squid-6.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-6.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
},
"product_reference": "squid-6.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-46724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46724"
}
],
"notes": [
{
"category": "general",
"text": "Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid\u0027s patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46724",
"url": "https://www.suse.com/security/cve/CVE-2023-46724"
},
{
"category": "external",
"summary": "SUSE Bug 1216803 for CVE-2023-46724",
"url": "https://bugzilla.suse.com/1216803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-46724"
},
{
"cve": "CVE-2023-46846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46846"
}
],
"notes": [
{
"category": "general",
"text": "SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46846",
"url": "https://www.suse.com/security/cve/CVE-2023-46846"
},
{
"category": "external",
"summary": "SUSE Bug 1216500 for CVE-2023-46846",
"url": "https://bugzilla.suse.com/1216500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-46846"
},
{
"cve": "CVE-2023-46847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46847"
}
],
"notes": [
{
"category": "general",
"text": "Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46847",
"url": "https://www.suse.com/security/cve/CVE-2023-46847"
},
{
"category": "external",
"summary": "SUSE Bug 1216495 for CVE-2023-46847",
"url": "https://bugzilla.suse.com/1216495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-46847"
},
{
"cve": "CVE-2023-46848",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46848"
}
],
"notes": [
{
"category": "general",
"text": "Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46848",
"url": "https://www.suse.com/security/cve/CVE-2023-46848"
},
{
"category": "external",
"summary": "SUSE Bug 1216498 for CVE-2023-46848",
"url": "https://bugzilla.suse.com/1216498"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-46848"
},
{
"cve": "CVE-2023-5824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5824"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5824",
"url": "https://www.suse.com/security/cve/CVE-2023-5824"
},
{
"category": "external",
"summary": "SUSE Bug 1216496 for CVE-2023-5824",
"url": "https://bugzilla.suse.com/1216496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-5824"
}
]
}
RHSA-2024:0046
Vulnerability from csaf_redhat - Published: 2024-01-03 21:13 - Updated: 2026-03-18 02:30Summary
Red Hat Security Advisory: squid:4 security update
Severity
Important
Notes
Topic: An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Security Fix(es):
* squid: Denial of Service in SSL Certificate validation (CVE-2023-46724)
* squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728)
* squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285)
* squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Squid. Due to an improper validation of the specified index bug, Squid compiled using `--with-openssl` is vulnerable to a denial of service attack against SSL Certificate validation. This flaw allows a remote server to perform a denial of service against the Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump.
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid. This issue may lead to a remote denial of service via gopher URL requests.
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A buffer over-read flaw was found in Squid's HTTP Message processing feature. This issue may allow attackers to perform remote denial of service.
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Squid due to an incorrect check of the return value in the helper process management. This issue may allow attackers to perform remote denial of service.
7.5 (High)
Affected products
Fixed
30 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
29 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2024:0046 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2247567 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248521 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2252923 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2252926 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2023-46724 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2247567 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-46724 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-46724 | external |
| http://www.squid-cache.org/Versions/v5/SQUID-2023… | external |
| http://www.squid-cache.org/Versions/v6/SQUID-2023… | external |
| https://github.com/squid-cache/squid/commit/b70f8… | external |
| https://github.com/squid-cache/squid/security/adv… | external |
| https://access.redhat.com/security/cve/CVE-2023-46728 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2248521 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-46728 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-46728 | external |
| https://github.com/squid-cache/squid/security/adv… | external |
| https://megamansec.github.io/Squid-Security-Audit… | external |
| https://access.redhat.com/security/cve/CVE-2023-49285 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2252926 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-49285 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-49285 | external |
| https://access.redhat.com/security/cve/CVE-2023-49286 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2252923 | external |
| https://www.cve.org/CVERecord?id=CVE-2023-49286 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-49286 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.\n\nSecurity Fix(es):\n\n* squid: Denial of Service in SSL Certificate validation (CVE-2023-46724)\n\n* squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728)\n\n* squid: Buffer over-read in the HTTP Message processing feature (CVE-2023-49285)\n\n* squid: Incorrect Check of Function Return Value In Helper Process management (CVE-2023-49286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:0046",
"url": "https://access.redhat.com/errata/RHSA-2024:0046"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2247567",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247567"
},
{
"category": "external",
"summary": "2248521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248521"
},
{
"category": "external",
"summary": "2252923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252923"
},
{
"category": "external",
"summary": "2252926",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252926"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0046.json"
}
],
"title": "Red Hat Security Advisory: squid:4 security update",
"tracking": {
"current_release_date": "2026-03-18T02:30:38+00:00",
"generator": {
"date": "2026-03-18T02:30:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2024:0046",
"initial_release_date": "2024-01-03T21:13:13+00:00",
"revision_history": [
{
"date": "2024-01-03T21:13:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-01-03T21:13:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T02:30:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"product": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src (squid:4)",
"product_id": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=src\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
},
{
"category": "product_version",
"name": "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src::squid:4",
"product": {
"name": "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src (squid:4)",
"product_id": "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@4.15-7.module%2Bel8.9.0%2B20975%2B25f17541.5?arch=src\u0026epoch=7\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"product": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 (squid:4)",
"product_id": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=aarch64\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
},
{
"category": "product_version",
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"product": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 (squid:4)",
"product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=aarch64\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
},
{
"category": "product_version",
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"product": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 (squid:4)",
"product_id": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=aarch64\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
},
{
"category": "product_version",
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"product": {
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 (squid:4)",
"product_id": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=aarch64\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
},
{
"category": "product_version",
"name": "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"product": {
"name": "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64 (squid:4)",
"product_id": "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@4.15-7.module%2Bel8.9.0%2B20975%2B25f17541.5?arch=aarch64\u0026epoch=7\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"product": {
"name": "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64 (squid:4)",
"product_id": "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@4.15-7.module%2Bel8.9.0%2B20975%2B25f17541.5?arch=aarch64\u0026epoch=7\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"product": {
"name": "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64 (squid:4)",
"product_id": "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@4.15-7.module%2Bel8.9.0%2B20975%2B25f17541.5?arch=aarch64\u0026epoch=7\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"product": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le (squid:4)",
"product_id": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=ppc64le\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
},
{
"category": "product_version",
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"product": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le (squid:4)",
"product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=ppc64le\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
},
{
"category": "product_version",
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"product": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le (squid:4)",
"product_id": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=ppc64le\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
},
{
"category": "product_version",
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"product": {
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le (squid:4)",
"product_id": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=ppc64le\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
},
{
"category": "product_version",
"name": "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"product": {
"name": "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le (squid:4)",
"product_id": "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@4.15-7.module%2Bel8.9.0%2B20975%2B25f17541.5?arch=ppc64le\u0026epoch=7\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"product": {
"name": "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le (squid:4)",
"product_id": "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@4.15-7.module%2Bel8.9.0%2B20975%2B25f17541.5?arch=ppc64le\u0026epoch=7\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"product": {
"name": "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le (squid:4)",
"product_id": "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@4.15-7.module%2Bel8.9.0%2B20975%2B25f17541.5?arch=ppc64le\u0026epoch=7\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"product": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x (squid:4)",
"product_id": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=s390x\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
},
{
"category": "product_version",
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"product": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x (squid:4)",
"product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=s390x\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
},
{
"category": "product_version",
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"product": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x (squid:4)",
"product_id": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=s390x\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
},
{
"category": "product_version",
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"product": {
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x (squid:4)",
"product_id": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=s390x\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
},
{
"category": "product_version",
"name": "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"product": {
"name": "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x (squid:4)",
"product_id": "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@4.15-7.module%2Bel8.9.0%2B20975%2B25f17541.5?arch=s390x\u0026epoch=7\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"product": {
"name": "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x (squid:4)",
"product_id": "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@4.15-7.module%2Bel8.9.0%2B20975%2B25f17541.5?arch=s390x\u0026epoch=7\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"product": {
"name": "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x (squid:4)",
"product_id": "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@4.15-7.module%2Bel8.9.0%2B20975%2B25f17541.5?arch=s390x\u0026epoch=7\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"product": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 (squid:4)",
"product_id": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=x86_64\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
},
{
"category": "product_version",
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"product": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 (squid:4)",
"product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=x86_64\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
},
{
"category": "product_version",
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"product": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 (squid:4)",
"product_id": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=x86_64\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
},
{
"category": "product_version",
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"product": {
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 (squid:4)",
"product_id": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=x86_64\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
},
{
"category": "product_version",
"name": "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"product": {
"name": "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64 (squid:4)",
"product_id": "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@4.15-7.module%2Bel8.9.0%2B20975%2B25f17541.5?arch=x86_64\u0026epoch=7\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"product": {
"name": "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64 (squid:4)",
"product_id": "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@4.15-7.module%2Bel8.9.0%2B20975%2B25f17541.5?arch=x86_64\u0026epoch=7\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"product": {
"name": "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64 (squid:4)",
"product_id": "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@4.15-7.module%2Bel8.9.0%2B20975%2B25f17541.5?arch=x86_64\u0026epoch=7\u0026rpmmod=squid:4:8090020231207155957:a75119d5"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4"
},
"product_reference": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4"
},
"product_reference": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4"
},
"product_reference": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4"
},
"product_reference": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4"
},
"product_reference": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4"
},
"product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4"
},
"product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4"
},
"product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4"
},
"product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4"
},
"product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4"
},
"product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4"
},
"product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4"
},
"product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4"
},
"product_reference": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4"
},
"product_reference": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4"
},
"product_reference": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4"
},
"product_reference": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4"
},
"product_reference": "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4"
},
"product_reference": "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4"
},
"product_reference": "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src::squid:4"
},
"product_reference": "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4"
},
"product_reference": "squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4"
},
"product_reference": "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4"
},
"product_reference": "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4"
},
"product_reference": "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4"
},
"product_reference": "squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4"
},
"product_reference": "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4"
},
"product_reference": "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4"
},
"product_reference": "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4"
},
"product_reference": "squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-46724",
"cwe": {
"id": "CWE-823",
"name": "Use of Out-of-range Pointer Offset"
},
"discovery_date": "2023-11-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2247567"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Squid. Due to an improper validation of the specified index bug, Squid compiled using `--with-openssl` is vulnerable to a denial of service attack against SSL Certificate validation. This flaw allows a remote server to perform a denial of service against the Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: Denial of Service in SSL Certificate validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-46724"
},
{
"category": "external",
"summary": "RHBZ#2247567",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247567"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-46724",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-46724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46724"
},
{
"category": "external",
"summary": "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch",
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch"
},
{
"category": "external",
"summary": "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch",
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch"
},
{
"category": "external",
"summary": "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810",
"url": "https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810"
},
{
"category": "external",
"summary": "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3",
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3"
}
],
"release_date": "2023-11-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-03T21:13:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0046"
},
{
"category": "workaround",
"details": "Disable the use of SSL-Bump features:\n- Remove all ssl-bump options from http_port and https_port\n- Remove all ssl_bump directives from squid.conf",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "squid: Denial of Service in SSL Certificate validation"
},
{
"cve": "CVE-2023-46728",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2023-11-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2248521"
}
],
"notes": [
{
"category": "description",
"text": "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid\u0027s Gopher gateway. The gopher protocol is always available and enabled in Squid. This issue may lead to a remote denial of service via gopher URL requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: NULL pointer dereference in the gopher protocol code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-46728"
},
{
"category": "external",
"summary": "RHBZ#2248521",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248521"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-46728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-46728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46728"
},
{
"category": "external",
"summary": "https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f",
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f"
},
{
"category": "external",
"summary": "https://megamansec.github.io/Squid-Security-Audit/gopher-nullpointer.html",
"url": "https://megamansec.github.io/Squid-Security-Audit/gopher-nullpointer.html"
}
],
"release_date": "2023-09-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-03T21:13:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0046"
},
{
"category": "workaround",
"details": "To mitigate this issue, create an access list configuration to reject all gopher URL requests:\n\nSet ACL directives in your squid.conf file (or equivalent) as follows:\nacl gopher proto gopher\nhttp_access deny gopher\n\nImportant: This sequence must be placed above any lines starting with \"http_access allow\" in your configuration.\nObservation: Some loss of performance may occur with this configuration.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "squid: NULL pointer dereference in the gopher protocol code"
},
{
"cve": "CVE-2023-49285",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"discovery_date": "2023-12-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2252926"
}
],
"notes": [
{
"category": "description",
"text": "A buffer over-read flaw was found in Squid\u0027s HTTP Message processing feature. This issue may allow attackers to perform remote denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: Buffer over-read in the HTTP Message processing feature",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The only security impact of this vulnerability is a remote denial of service. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-49285"
},
{
"category": "external",
"summary": "RHBZ#2252926",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252926"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-49285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49285"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-49285",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49285"
}
],
"release_date": "2023-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-03T21:13:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0046"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "squid: Buffer over-read in the HTTP Message processing feature"
},
{
"cve": "CVE-2023-49286",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2023-12-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2252923"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Squid due to an incorrect check of the return value in the helper process management. This issue may allow attackers to perform remote denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: Incorrect Check of Function Return Value In Helper Process management",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The only security impact of this vulnerability is a remote denial of service. For this reason, this flaw was rated with an important, and not critical, severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-49286"
},
{
"category": "external",
"summary": "RHBZ#2252923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252923"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-49286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-49286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49286"
}
],
"release_date": "2023-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-01-03T21:13:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:0046"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20975+25f17541.5.x86_64::squid:4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "squid: Incorrect Check of Function Return Value In Helper Process management"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…