CVE-2023-5824 (GCVE-0-2023-5824)
Vulnerability from cvelistv5 – Published: 2023-11-03 07:56 – Updated: 2025-11-06 20:51
- CWE-755 - Improper Handling of Exceptional Conditions
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2023:7465 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2023:7668 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:0072 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:0397 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:0771 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:0772 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:0773 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2024:1153 | vendor-advisory, x_refsource_REDHAT |
| https://access.redhat.com/security/cve/CVE-2023-5824 | vdb-entry, x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2245914 | issue-tracking, x_refsource_REDHAT |
| https://github.com/squid-cache/squid/security/adv… | |

| Vendor | Product | Version | CPE |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 8 | Unaffected: 8090020231130092412.a75119d5, < * (rpm) | cpe:/a:redhat:enterprise_linux:8::appstream |
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support | Unaffected: 8020020240122164331.4cda2c84, < * (rpm) | cpe:/a:redhat:rhel_tus:8.2::appstream cpe:/a:redhat:rhel_e4s:8.2::appstream cpe:/a:redhat:rhel_aus:8.2::appstream |
| Red Hat | Red Hat Enterprise Linux 8.2 Telecommunications Update Service | Unaffected: 8020020240122164331.4cda2c84, < * (rpm) | cpe:/a:redhat:rhel_tus:8.2::appstream cpe:/a:redhat:rhel_e4s:8.2::appstream cpe:/a:redhat:rhel_aus:8.2::appstream |
| Red Hat | Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | Unaffected: 8020020240122164331.4cda2c84, < * (rpm) | cpe:/a:redhat:rhel_tus:8.2::appstream cpe:/a:redhat:rhel_e4s:8.2::appstream cpe:/a:redhat:rhel_aus:8.2::appstream |
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | Unaffected: 8040020240122165847.522a0ee4, < * (rpm) | cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service | Unaffected: 8040020240122165847.522a0ee4, < * (rpm) | cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | Unaffected: 8040020240122165847.522a0ee4, < * (rpm) | cpe:/a:redhat:rhel_e4s:8.4::appstream cpe:/a:redhat:rhel_tus:8.4::appstream cpe:/a:redhat:rhel_aus:8.4::appstream |
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support | Unaffected: 8060020231222131040.ad008a3a, < * (rpm) | cpe:/a:redhat:rhel_eus:8.6::appstream |
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support | Unaffected: 8080020231222130009.63b34585, < * (rpm) | cpe:/a:redhat:rhel_eus:8.8::appstream |
| Red Hat | Red Hat Enterprise Linux 9 | Unaffected: 7:5.5-6.el9_3.2, < * (rpm) | cpe:/a:redhat:enterprise_linux:9::appstream |
| Red Hat | Red Hat Enterprise Linux 9.0 Extended Update Support | Unaffected: 7:5.2-1.el9_0.4, < * (rpm) | cpe:/a:redhat:rhel_eus:9.0::appstream |
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support | Unaffected: 7:5.5-5.el9_2.3, < * (rpm) | cpe:/a:redhat:rhel_eus:9.2::appstream |
| Red Hat | Red Hat Enterprise Linux 6 | | cpe:/o:redhat:enterprise_linux:6 |
| Red Hat | Red Hat Enterprise Linux 7 | | cpe:/o:redhat:enterprise_linux:7 |

{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:08:10.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2023:7465",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7465"
},
{
"name": "RHSA-2023:7668",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7668"
},
{
"name": "RHSA-2024:0072",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0072"
},
{
"name": "RHSA-2024:0397",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0397"
},
{
"name": "RHSA-2024:0771",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0771"
},
{
"name": "RHSA-2024:0772",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0772"
},
{
"name": "RHSA-2024:0773",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0773"
},
{
"name": "RHSA-2024:1153",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1153"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5824"
},
{
"name": "RHBZ#2245914",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231130-0003/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00027.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8090020231130092412.a75119d5",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.2::appstream",
"cpe:/a:redhat:rhel_e4s:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020240122164331.4cda2c84",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.2::appstream",
"cpe:/a:redhat:rhel_e4s:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020240122164331.4cda2c84",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_tus:8.2::appstream",
"cpe:/a:redhat:rhel_e4s:8.2::appstream",
"cpe:/a:redhat:rhel_aus:8.2::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020240122164331.4cda2c84",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020240122165847.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020240122165847.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.4::appstream",
"cpe:/a:redhat:rhel_tus:8.4::appstream",
"cpe:/a:redhat:rhel_aus:8.4::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020240122165847.522a0ee4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.6::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8060020231222131040.ad008a3a",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::appstream"
],
"defaultStatus": "affected",
"packageName": "squid:4",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8080020231222130009.63b34585",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7:5.5-6.el9_3.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7:5.2-1.el9_0.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7:5.5-5.el9_2.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "affected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "squid",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
}
],
"datePublic": "2023-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T20:51:27.614Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2023:7465",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7465"
},
{
"name": "RHSA-2023:7668",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2023:7668"
},
{
"name": "RHSA-2024:0072",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0072"
},
{
"name": "RHSA-2024:0397",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0397"
},
{
"name": "RHSA-2024:0771",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0771"
},
{
"name": "RHSA-2024:0772",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0772"
},
{
"name": "RHSA-2024:0773",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:0773"
},
{
"name": "RHSA-2024:1153",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:1153"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5824"
},
{
"name": "RHBZ#2245914",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"
},
{
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-24T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2023-10-19T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Squid: dos against http and https",
"workarounds": [
{
"lang": "en",
"value": "Disabling the disk caching mechanism will mitigate this vulnerability. To achieve this, remove all the \u0027cache_dir\u0027 directives from the Squid configuration, typically in the /etc/squid/squid.conf file."
}
],
"x_redhatCweChain": "CWE-755: Improper Handling of Exceptional Conditions"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-5824",
"datePublished": "2023-11-03T07:56:36.369Z",
"dateReserved": "2023-10-27T09:37:47.593Z",
"dateUpdated": "2025-11-06T20:51:27.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-5824",
"date": "2026-05-28",
"epss": "0.01879",
"percentile": "0.83433"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-5824\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2023-11-03T08:15:08.270\",\"lastModified\":\"2025-11-03T19:15:42.437\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.\"},{\"lang\":\"es\",\"value\":\"Squid es vulnerable a ataques de Denegaci\u00f3n de Servicio contra clientes HTTP y HTTPS debido a un error en el manejo inadecuado de elementos estructurales.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-755\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"descr
iption\":[{\"lang\":\"en\",\"value\":\"CWE-755\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.4\",\"matchCriteriaId\":\"1D384D1F-2A05-4EE0-9CB8-C83FDC53F608\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7465\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7668\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0072\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0397\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0771\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0772\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0773\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1153\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2023-5824\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party 
Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2245914\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7465\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2023:7668\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0072\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0397\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0771\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0772\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:0773\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1153\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2023-5824\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2245914\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/09/msg00027.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20231130-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
alsa-2023:7465
Vulnerability from osv_almalinux
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Security Fix(es):
- squid: DoS against HTTP and HTTPS (CVE-2023-5824)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "squid"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7:5.5-6.el9_3.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.\n\nSecurity Fix(es):\n\n* squid: DoS against HTTP and HTTPS (CVE-2023-5824)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2023:7465",
"modified": "2023-11-23T08:38:27Z",
"published": "2023-11-22T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:7465"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-5824"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245914"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2023-7465.html"
}
],
"related": [
"CVE-2023-5824"
],
"summary": "Important: squid security update"
}
alsa-2023:7668
Vulnerability from osv_almalinux
Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.
Security Fix(es):
- squid: DoS against HTTP and HTTPS (CVE-2023-5824)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libecap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.1-2.module_el8.6.0+2741+01592ae8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libecap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.1-2.module_el8.6.0+3048+383bc947"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libecap-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.1-2.module_el8.6.0+2741+01592ae8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libecap-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.1-2.module_el8.6.0+3048+383bc947"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "squid"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "7:4.15-7.module_el8.9.0+3696+b881db49.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.\n\nSecurity Fix(es):\n\n* squid: DoS against HTTP and HTTPS (CVE-2023-5824)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2023:7668",
"modified": "2023-12-14T08:59:00Z",
"published": "2023-12-06T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:7668"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-5824"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2245914"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2023-7668.html"
}
],
"related": [
"CVE-2023-5824"
],
"summary": "Important: squid:4 security update"
}
BDU:2023-08061
Vulnerability from fstec - Published: 03.11.2023
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, Squid Software Foundation",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 12.4 (\u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c), \u0434\u043e 6.3 (Squid)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Squid:\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0440\u0435\u043b\u0438\u0437 10): \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c: https://abf.rosa.ru/advisories/ROSA-SA-2024-2477",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "03.11.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "05.03.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "22.11.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-08061",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-5824",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), Squid",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c 12.4 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u043a\u0441\u0438-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Squid, \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u043c \u043e\u0431\u0440\u0430\u0449\u0435\u043d\u0438\u0435\u043c \u0441 \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u043c\u0438 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u043c\u0438 \u0438 \u043d\u0435\u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u043c \u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0435\u043c \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0430 \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0439 (CWE-755)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u043a\u0441\u0438-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Squid \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f\u043c\u0438, \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0435\u043c\u044b\u043c\u0438 \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u043e\u0432 HTTP-\u043e\u0442\u0432\u0435\u0442\u0430 \u043f\u0435\u0440\u0435\u0434 \u043a\u044d\u0448\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255\nhttps://redos.red-soft.ru/support/secure/\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://abf.rosa.ru/advisories/ROSA-SA-2024-2477",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-755",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
CERTFR-2024-AVI-0354
Vulnerability from certfr_avis - Published: 2024-04-29 - Updated: 2024-04-29
Multiple vulnerabilities have been discovered in Qnap products. They allow an attacker to cause remote arbitrary code execution, a breach of data confidentiality, and a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| Qnap | N/A | QuTScloud versions c5.x earlier than c5.1.5.2651 |
| Qnap | QTS | QTS versions 5.1.x earlier than 5.1.6.2722 build 20240402 |
| Qnap | QTS | QTS versions 4.5.x earlier than 4.5.4.2627 build 20231225 |
| Qnap | QuTS hero | QuTS hero versions h4.5.x earlier than h4.5.4.2626 build 20231225 |
| Qnap | N/A | myQNAPcloud versions 1.0.x earlier than 1.0.52 |
| Qnap | N/A | Proxy Server versions 1.4.x earlier than 1.4.6 |
| Qnap | N/A | myQNAPcloud Link versions 2.4.x earlier than 2.4.51 |
| Qnap | N/A | Media Streaming add-on versions 500.1.x earlier than 500.1.1.5 |
| Qnap | QuTS hero | QuTS hero versions h5.1.x earlier than h5.1.6.2734 build 20240414 |
| Qnap | N/A | QuFirewall versions 2.4.x earlier than 2.4.1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QuTScloud versions c5.x ant\u00e9rieures \u00e0 c5.1.5.2651",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QTS versions 5.1.x ant\u00e9rieures \u00e0 5.1.6.2722 build 20240402",
"product": {
"name": "QTS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QTS versions 4.5.x ant\u00e9rieures \u00e0 4.5.4.2627 build 20231225",
"product": {
"name": "QTS",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuTS hero versions h4.5.x ant\u00e9rieures \u00e0 h4.5.4.2626 build 20231225",
"product": {
"name": "QuTS hero",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "myQNAPcloud versions 1.0.x ant\u00e9rieures \u00e0 1.0.52",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Proxy Server versions 1.4.x ant\u00e9rieures \u00e0 1.4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "myQNAPcloud Link versions 2.4.x ant\u00e9rieures \u00e0 2.4.51",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "Media Streaming add-on versions 500.1.x ant\u00e9rieures \u00e0 500.1.1.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuTS hero versions h5.1.x ant\u00e9rieures \u00e0 h5.1.6.2734 build 20240414",
"product": {
"name": "QuTS hero",
"vendor": {
"name": "Qnap",
"scada": false
}
}
},
{
"description": "QuFirewall versions 2.4.x ant\u00e9rieures \u00e0 2.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Qnap",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-32766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32766"
},
{
"name": "CVE-2023-5824",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5824"
},
{
"name": "CVE-2024-27124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27124"
},
{
"name": "CVE-2023-50363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50363"
},
{
"name": "CVE-2023-46846",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46846"
},
{
"name": "CVE-2023-46847",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46847"
},
{
"name": "CVE-2023-41290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41290"
},
{
"name": "CVE-2024-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21905"
},
{
"name": "CVE-2023-46724",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46724"
},
{
"name": "CVE-2024-21900",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21900"
},
{
"name": "CVE-2023-41291",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41291"
},
{
"name": "CVE-2023-51365",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51365"
},
{
"name": "CVE-2024-21901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21901"
},
{
"name": "CVE-2024-32764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32764"
},
{
"name": "CVE-2023-50364",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50364"
},
{
"name": "CVE-2024-21899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21899"
},
{
"name": "CVE-2023-51364",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51364"
},
{
"name": "CVE-2023-50362",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50362"
},
{
"name": "CVE-2023-47222",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47222"
},
{
"name": "CVE-2023-50361",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50361"
}
],
"initial_release_date": "2024-04-29T00:00:00",
"last_revision_date": "2024-04-29T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0354",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Qnap\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-24-16 du 26 avril 2024",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-16"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-24-15 du 26 avril 2024",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-15"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-24-18 du 26 avril 2024",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-18"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-24-14 du 26 avril 2024",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-14"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-24-20 du 26 avril 2024",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-20"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-24-17 du 26 avril 2024",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-17"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Qnap qsa-24-09 du 09 mars 2024",
"url": "https://www.qnap.com/go/security-advisory/qsa-24-09"
}
]
}
FKIE_CVE-2023-5824
Vulnerability from fkie_nvd - Published: 2023-11-03 08:15 - Updated: 2025-11-03 19:15
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
| Vendor | Product | Version | |
|---|---|---|---|
| squid-cache | squid | * | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | enterprise_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D384D1F-2A05-4EE0-9CB8-C83FDC53F608",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service."
},
{
"lang": "es",
"value": "Squid es vulnerable a ataques de Denegaci\u00f3n de Servicio contra clientes HTTP y HTTPS debido a un error en el manejo inadecuado de elementos estructurales."
}
],
"id": "CVE-2023-5824",
"lastModified": "2025-11-03T19:15:42.437",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-03T08:15:08.270",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2023:7465"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2023:7668"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:0072"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:0397"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:0771"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:0772"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:0773"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:1153"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5824"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2023:7465"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2023:7668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2024:0072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2024:0397"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2024:0771"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2024:0772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2024:0773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2024:1153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20231130-0003/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2023-5824
Vulnerability from gsd - Updated: 2023-12-13 01:20
{
"GSD": {
"alias": "CVE-2023-5824",
"id": "GSD-2023-5824"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-5824"
],
"details": "Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.",
"id": "GSD-2023-5824",
"modified": "2023-12-13T01:20:50.645153Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2023-5824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8090020231130092412.a75119d5",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020240122164331.4cda2c84",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020240122164331.4cda2c84",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8020020240122164331.4cda2c84",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020240122165847.522a0ee4",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020240122165847.522a0ee4",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8040020240122165847.522a0ee4",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8060020231222131040.ad008a3a",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "8080020231222130009.63b34585",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7:5.5-6.el9_3.2",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7:5.2-1.el9_0.4",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "7:5.5-5.el9_2.3",
"versionType": "rpm"
}
]
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-755",
"lang": "eng",
"value": "Improper Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://access.redhat.com/errata/RHSA-2023:7465",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2023:7465"
},
{
"name": "https://access.redhat.com/errata/RHSA-2023:7668",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2023:7668"
},
{
"name": "https://access.redhat.com/errata/RHSA-2024:0072",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2024:0072"
},
{
"name": "https://access.redhat.com/errata/RHSA-2024:0397",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2024:0397"
},
{
"name": "https://access.redhat.com/errata/RHSA-2024:0771",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2024:0771"
},
{
"name": "https://access.redhat.com/errata/RHSA-2024:0772",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2024:0772"
},
{
"name": "https://access.redhat.com/errata/RHSA-2024:0773",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2024:0773"
},
{
"name": "https://access.redhat.com/errata/RHSA-2024:1153",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2024:1153"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2023-5824",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/CVE-2023-5824"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"
},
{
"name": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255",
"refsource": "MISC",
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255"
},
{
"name": "https://security.netapp.com/advisory/ntap-20231130-0003/",
"refsource": "MISC",
"url": "https://security.netapp.com/advisory/ntap-20231130-0003/"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D384D1F-2A05-4EE0-9CB8-C83FDC53F608",
"versionEndExcluding": "6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug."
},
{
"lang": "es",
"value": "Squid es vulnerable a ataques de Denegaci\u00f3n de Servicio contra clientes HTTP y HTTPS debido a un error en el manejo inadecuado de elementos estructurales."
}
],
"id": "CVE-2023-5824",
"lastModified": "2024-04-25T16:15:09.027",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
},
"published": "2023-11-03T08:15:08.270",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2023:7465"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2023:7668"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:0072"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:0397"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:0771"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:0772"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:0773"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2024:1153"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-5824"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255"
},
{
"source": "secalert@redhat.com",
"url": "https://security.netapp.com/advisory/ntap-20231130-0003/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
}
}
}
}
MSRC_CVE-2023-5824
Vulnerability from csaf_microsoft - Published: 2023-11-01 07:00 - Updated: 2026-02-21 03:37
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2023/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2023/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5824 Squid: dos against http and https - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-5824.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Squid: dos against http and https",
"tracking": {
"current_release_date": "2026-02-21T03:37:13.000Z",
"generator": {
"date": "2026-02-21T03:57:10.280Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2023-5824",
"initial_release_date": "2023-11-01T07:00:00.000Z",
"revision_history": [
{
"date": "2025-09-03T22:25:30.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-02-21T03:37:13.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 squid 6.13-1",
"product": {
"name": "\u003cazl3 squid 6.13-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 squid 6.13-1",
"product": {
"name": "azl3 squid 6.13-1",
"product_id": "20164"
}
}
],
"category": "product_name",
"name": "squid"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 squid 6.13-1 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 squid 6.13-1 as a component of Azure Linux 3.0",
"product_id": "20164-17084"
},
"product_reference": "20164",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5824",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "general",
"text": "redhat",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"20164-17084"
],
"known_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5824 Squid: dos against http and https - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2023/msrc_cve-2023-5824.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-03T22:25:30.000Z",
"details": "Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"17084-1"
]
}
],
"title": "Squid: dos against http and https"
}
]
}
OPENSUSE-SU-2024:13398-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.s390x | — | Vendor Fix | |
| Unresolved product id: openSUSE Tumbleweed:squid-6.4-1.1.x86_64 | — | Vendor Fix | |

{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "squid-6.4-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the squid-6.4-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13398",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13398-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46724 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46846 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46847 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46848 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46848/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5824 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5824/"
}
],
"title": "squid-6.4-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13398-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "squid-6.4-1.1.aarch64",
"product": {
"name": "squid-6.4-1.1.aarch64",
"product_id": "squid-6.4-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-6.4-1.1.ppc64le",
"product": {
"name": "squid-6.4-1.1.ppc64le",
"product_id": "squid-6.4-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-6.4-1.1.s390x",
"product": {
"name": "squid-6.4-1.1.s390x",
"product_id": "squid-6.4-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-6.4-1.1.x86_64",
"product": {
"name": "squid-6.4-1.1.x86_64",
"product_id": "squid-6.4-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-6.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:squid-6.4-1.1.aarch64"
},
"product_reference": "squid-6.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-6.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:squid-6.4-1.1.ppc64le"
},
"product_reference": "squid-6.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-6.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:squid-6.4-1.1.s390x"
},
"product_reference": "squid-6.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-6.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
},
"product_reference": "squid-6.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-46724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46724"
}
],
"notes": [
{
"category": "general",
"text": "Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid\u0027s patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46724",
"url": "https://www.suse.com/security/cve/CVE-2023-46724"
},
{
"category": "external",
"summary": "SUSE Bug 1216803 for CVE-2023-46724",
"url": "https://bugzilla.suse.com/1216803"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-46724"
},
{
"cve": "CVE-2023-46846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46846"
}
],
"notes": [
{
"category": "general",
"text": "SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46846",
"url": "https://www.suse.com/security/cve/CVE-2023-46846"
},
{
"category": "external",
"summary": "SUSE Bug 1216500 for CVE-2023-46846",
"url": "https://bugzilla.suse.com/1216500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-46846"
},
{
"cve": "CVE-2023-46847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46847"
}
],
"notes": [
{
"category": "general",
"text": "Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46847",
"url": "https://www.suse.com/security/cve/CVE-2023-46847"
},
{
"category": "external",
"summary": "SUSE Bug 1216495 for CVE-2023-46847",
"url": "https://bugzilla.suse.com/1216495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-46847"
},
{
"cve": "CVE-2023-46848",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46848"
}
],
"notes": [
{
"category": "general",
"text": "Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46848",
"url": "https://www.suse.com/security/cve/CVE-2023-46848"
},
{
"category": "external",
"summary": "SUSE Bug 1216498 for CVE-2023-46848",
"url": "https://bugzilla.suse.com/1216498"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-46848"
},
{
"cve": "CVE-2023-5824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5824"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5824",
"url": "https://www.suse.com/security/cve/CVE-2023-5824"
},
{
"category": "external",
"summary": "SUSE Bug 1216496 for CVE-2023-5824",
"url": "https://bugzilla.suse.com/1216496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:squid-6.4-1.1.aarch64",
"openSUSE Tumbleweed:squid-6.4-1.1.ppc64le",
"openSUSE Tumbleweed:squid-6.4-1.1.s390x",
"openSUSE Tumbleweed:squid-6.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-5824"
}
]
}
RHSA-2023:7465
Vulnerability from csaf_redhat - Published: 2023-11-22 17:28 - Updated: 2026-03-18 02:29

A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64 | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64 | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64 | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64 | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64 | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64 | — | Vendor Fix, fix, Workaround | |

A flaw was found in Squid. The use of the HTTP Collapsed Forwarding configuration may allow an attacker to perform a denial of service remotely.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64 | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64 | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64 | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64 | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64 | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64 | — | Vendor Fix, fix, Workaround | |

A heap-based buffer overflow flaw was found in the Squid caching proxy. When processing the Uniform Resource Name (URNs), specific conditions can lead to remote code execution.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64 | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64 | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64 | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64 | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64 | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x | — | Vendor Fix, fix, Workaround | |
| Unresolved product id: AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64 | — | Vendor Fix, fix, Workaround | |

{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for squid is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.\n\nSecurity Fix(es):\n\n* squid: DoS against HTTP and HTTPS (CVE-2023-5824)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7465",
"url": "https://access.redhat.com/errata/RHSA-2023:7465"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2245914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7465.json"
}
],
"title": "Red Hat Security Advisory: squid security update",
"tracking": {
"current_release_date": "2026-03-18T02:29:23+00:00",
"generator": {
"date": "2026-03-18T02:29:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2023:7465",
"initial_release_date": "2023-11-22T17:28:07+00:00",
"revision_history": [
{
"date": "2023-11-22T17:28:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-11-22T17:28:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T02:29:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:5.5-6.el9_3.2.src",
"product": {
"name": "squid-7:5.5-6.el9_3.2.src",
"product_id": "squid-7:5.5-6.el9_3.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@5.5-6.el9_3.2?arch=src\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:5.5-6.el9_3.2.aarch64",
"product": {
"name": "squid-7:5.5-6.el9_3.2.aarch64",
"product_id": "squid-7:5.5-6.el9_3.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@5.5-6.el9_3.2?arch=aarch64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:5.5-6.el9_3.2.aarch64",
"product": {
"name": "squid-debugsource-7:5.5-6.el9_3.2.aarch64",
"product_id": "squid-debugsource-7:5.5-6.el9_3.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@5.5-6.el9_3.2?arch=aarch64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
"product": {
"name": "squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
"product_id": "squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@5.5-6.el9_3.2?arch=aarch64\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:5.5-6.el9_3.2.ppc64le",
"product": {
"name": "squid-7:5.5-6.el9_3.2.ppc64le",
"product_id": "squid-7:5.5-6.el9_3.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@5.5-6.el9_3.2?arch=ppc64le\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
"product": {
"name": "squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
"product_id": "squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@5.5-6.el9_3.2?arch=ppc64le\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
"product": {
"name": "squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
"product_id": "squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@5.5-6.el9_3.2?arch=ppc64le\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:5.5-6.el9_3.2.x86_64",
"product": {
"name": "squid-7:5.5-6.el9_3.2.x86_64",
"product_id": "squid-7:5.5-6.el9_3.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@5.5-6.el9_3.2?arch=x86_64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:5.5-6.el9_3.2.x86_64",
"product": {
"name": "squid-debugsource-7:5.5-6.el9_3.2.x86_64",
"product_id": "squid-debugsource-7:5.5-6.el9_3.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@5.5-6.el9_3.2?arch=x86_64\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
"product": {
"name": "squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
"product_id": "squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@5.5-6.el9_3.2?arch=x86_64\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "squid-7:5.5-6.el9_3.2.s390x",
"product": {
"name": "squid-7:5.5-6.el9_3.2.s390x",
"product_id": "squid-7:5.5-6.el9_3.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@5.5-6.el9_3.2?arch=s390x\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:5.5-6.el9_3.2.s390x",
"product": {
"name": "squid-debugsource-7:5.5-6.el9_3.2.s390x",
"product_id": "squid-debugsource-7:5.5-6.el9_3.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@5.5-6.el9_3.2?arch=s390x\u0026epoch=7"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:5.5-6.el9_3.2.s390x",
"product": {
"name": "squid-debuginfo-7:5.5-6.el9_3.2.s390x",
"product_id": "squid-debuginfo-7:5.5-6.el9_3.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@5.5-6.el9_3.2?arch=s390x\u0026epoch=7"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:5.5-6.el9_3.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64"
},
"product_reference": "squid-7:5.5-6.el9_3.2.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:5.5-6.el9_3.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le"
},
"product_reference": "squid-7:5.5-6.el9_3.2.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:5.5-6.el9_3.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x"
},
"product_reference": "squid-7:5.5-6.el9_3.2.s390x",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:5.5-6.el9_3.2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src"
},
"product_reference": "squid-7:5.5-6.el9_3.2.src",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:5.5-6.el9_3.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64"
},
"product_reference": "squid-7:5.5-6.el9_3.2.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:5.5-6.el9_3.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64"
},
"product_reference": "squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:5.5-6.el9_3.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le"
},
"product_reference": "squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:5.5-6.el9_3.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x"
},
"product_reference": "squid-debuginfo-7:5.5-6.el9_3.2.s390x",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:5.5-6.el9_3.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64"
},
"product_reference": "squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:5.5-6.el9_3.2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64"
},
"product_reference": "squid-debugsource-7:5.5-6.el9_3.2.aarch64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:5.5-6.el9_3.2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le"
},
"product_reference": "squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:5.5-6.el9_3.2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x"
},
"product_reference": "squid-debugsource-7:5.5-6.el9_3.2.s390x",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:5.5-6.el9_3.2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64"
},
"product_reference": "squid-debugsource-7:5.5-6.el9_3.2.x86_64",
"relates_to_product_reference": "AppStream-9.3.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5824",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"discovery_date": "2023-10-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2245914"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: DoS against HTTP and HTTPS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability only affects configurations with the `cache_dir` directive enabled. If this directive is not enabled, the Squid server is not vulnerable and no further mitigation is needed. For more information about the mitigation, see the mitigation section below.\n\nThe `cache_dir` directive is disabled by default in Squid shipped in Red Hat Enterprise Linux 6, 7, 8 and 9. Therefore, these Red Hat Enterprise Linux versions are not vulnerable with the default configuration.\n\nRed Hat is not planning to address this issue in Red Hat Enterprise Linux 6 and 7 due to the changes required and the magnitude of the differences between Squid 3 and 4 code bases, backporting the changes to the Squid 3 code base has not been feasible.\n\nWe recommend that customers using Squid as a caching proxy on Red Hat Enterprise Linux 6 and 7 to upgrade to Red Hat Enterprise Linux 8 and 9 to use Squid version 4 or version 5, respectively. Alternatively, see the mitigation section below for a way to workaround this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5824"
},
{
"category": "external",
"summary": "RHBZ#2245914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5824",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5824"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5824",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5824"
},
{
"category": "external",
"summary": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255",
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255"
}
],
"release_date": "2023-10-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-22T17:28:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7465"
},
{
"category": "workaround",
"details": "Disabling the disk caching mechanism will mitigate this vulnerability. To achieve this, remove all the \u0027cache_dir\u0027 directives from the Squid configuration, typically in the /etc/squid/squid.conf file.",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "squid: DoS against HTTP and HTTPS"
},
{
"cve": "CVE-2023-49288",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2252918"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Squid. The use of the HTTP Collapsed Forwarding configuration may allow an attacker to perform a denial of service remotely.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: Use-After-Free in the HTTP Collapsed Forwarding Feature",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Collapsed Forwarding features are only used in Squid for accelerator servers and is not enabled by default, lowering the severity of this flaw to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-49288"
},
{
"category": "external",
"summary": "RHBZ#2252918",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252918"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-49288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-49288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49288"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-22T17:28:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7465"
},
{
"category": "workaround",
"details": "To mitigate this issue, lines for the \u0027collapsed_forwarding\u0027 feature have to be removed from your squid.conf.",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "squid: Use-After-Free in the HTTP Collapsed Forwarding Feature"
},
{
"cve": "CVE-2025-54574",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2025-08-01T19:01:04.741560+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2386026"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow flaw was found in the Squid caching proxy. When processing the Uniform Resource Name (URNs), specific conditions can lead to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid-cache: Squid Buffer Overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is Important because the heap-based buffer overflow occurs during URN processing in Squid\u2019s core request-handling path, which is exposed to untrusted, remote input. Unlike flaws that merely cause a service crash, this defect allows an attacker to manipulate heap memory structures, potentially achieving arbitrary code execution within the Squid process context. Since Squid often runs with elevated privileges and serves as a gateway between internal and external networks, successful exploitation could provide a remote attacker with direct control over the proxy server, enabling them to pivot into internal systems, intercept sensitive traffic, or alter cached content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-54574"
},
{
"category": "external",
"summary": "RHBZ#2386026",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2386026"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-54574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54574"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-54574",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54574"
},
{
"category": "external",
"summary": "https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988",
"url": "https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988"
},
{
"category": "external",
"summary": "https://github.com/squid-cache/squid/releases/tag/SQUID_6_4",
"url": "https://github.com/squid-cache/squid/releases/tag/SQUID_6_4"
},
{
"category": "external",
"summary": "https://github.com/squid-cache/squid/security/advisories/GHSA-w4gv-vw3f-29g3",
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-w4gv-vw3f-29g3"
}
],
"release_date": "2025-08-01T18:02:19.117000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-22T17:28:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7465"
},
{
"category": "workaround",
"details": "Users can disable URN access permissions to mitigate this issue.",
"product_ids": [
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.src",
"AppStream-9.3.0.Z.MAIN:squid-7:5.5-6.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-debuginfo-7:5.5-6.el9_3.2.x86_64",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.aarch64",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.ppc64le",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.s390x",
"AppStream-9.3.0.Z.MAIN:squid-debugsource-7:5.5-6.el9_3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "squid-cache: Squid Buffer Overflow"
}
]
}
RHSA-2023:7668
Vulnerability from csaf_redhat - Published: 2023-12-06 10:02 - Updated: 2026-03-18 02:30
A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.src::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4 | — | | Vendor Fix fix Workaround |

A flaw was found in Squid. The use of the HTTP Collapsed Forwarding configuration may allow an attacker to perform a denial of service remotely.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.src::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4 | — | | Vendor Fix fix Workaround |

A heap-based buffer overflow flaw was found in the Squid caching proxy. When processing Uniform Resource Names (URNs), specific conditions can lead to remote code execution.

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.src::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4 | — | | Vendor Fix fix Workaround |
| Unresolved product id: AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4 | — | | Vendor Fix fix Workaround |

{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.\n\nSecurity Fix(es):\n\n* squid: DoS against HTTP and HTTPS (CVE-2023-5824)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:7668",
"url": "https://access.redhat.com/errata/RHSA-2023:7668"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification#important",
"url": "https://access.redhat.com/security/updates/classification#important"
},
{
"category": "external",
"summary": "2245914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7668.json"
}
],
"title": "Red Hat Security Advisory: squid:4 security update",
"tracking": {
"current_release_date": "2026-03-18T02:30:07+00:00",
"generator": {
"date": "2026-03-18T02:30:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2023:7668",
"initial_release_date": "2023-12-06T10:02:28+00:00",
"revision_history": [
{
"date": "2023-12-06T10:02:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-12-06T10:02:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T02:30:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"product": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src (squid:4)",
"product_id": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=src\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
},
{
"category": "product_version",
"name": "squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.src::squid:4",
"product": {
"name": "squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.src (squid:4)",
"product_id": "squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.src::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@4.15-7.module%2Bel8.9.0%2B20806%2B014d88aa.3?arch=src\u0026epoch=7\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"product": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 (squid:4)",
"product_id": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=aarch64\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
},
{
"category": "product_version",
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"product": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 (squid:4)",
"product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=aarch64\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
},
{
"category": "product_version",
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"product": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 (squid:4)",
"product_id": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=aarch64\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
},
{
"category": "product_version",
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"product": {
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 (squid:4)",
"product_id": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=aarch64\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
},
{
"category": "product_version",
"name": "squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"product": {
"name": "squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64 (squid:4)",
"product_id": "squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@4.15-7.module%2Bel8.9.0%2B20806%2B014d88aa.3?arch=aarch64\u0026epoch=7\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"product": {
"name": "squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64 (squid:4)",
"product_id": "squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@4.15-7.module%2Bel8.9.0%2B20806%2B014d88aa.3?arch=aarch64\u0026epoch=7\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"product": {
"name": "squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64 (squid:4)",
"product_id": "squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@4.15-7.module%2Bel8.9.0%2B20806%2B014d88aa.3?arch=aarch64\u0026epoch=7\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"product": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le (squid:4)",
"product_id": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=ppc64le\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
},
{
"category": "product_version",
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"product": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le (squid:4)",
"product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=ppc64le\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
},
{
"category": "product_version",
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"product": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le (squid:4)",
"product_id": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=ppc64le\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
},
{
"category": "product_version",
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"product": {
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le (squid:4)",
"product_id": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=ppc64le\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
},
{
"category": "product_version",
"name": "squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"product": {
"name": "squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le (squid:4)",
"product_id": "squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@4.15-7.module%2Bel8.9.0%2B20806%2B014d88aa.3?arch=ppc64le\u0026epoch=7\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"product": {
"name": "squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le (squid:4)",
"product_id": "squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@4.15-7.module%2Bel8.9.0%2B20806%2B014d88aa.3?arch=ppc64le\u0026epoch=7\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"product": {
"name": "squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le (squid:4)",
"product_id": "squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@4.15-7.module%2Bel8.9.0%2B20806%2B014d88aa.3?arch=ppc64le\u0026epoch=7\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"product": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x (squid:4)",
"product_id": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=s390x\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
},
{
"category": "product_version",
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"product": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x (squid:4)",
"product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=s390x\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
},
{
"category": "product_version",
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"product": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x (squid:4)",
"product_id": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=s390x\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
},
{
"category": "product_version",
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"product": {
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x (squid:4)",
"product_id": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=s390x\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
},
{
"category": "product_version",
"name": "squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"product": {
"name": "squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x (squid:4)",
"product_id": "squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@4.15-7.module%2Bel8.9.0%2B20806%2B014d88aa.3?arch=s390x\u0026epoch=7\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"product": {
"name": "squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x (squid:4)",
"product_id": "squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@4.15-7.module%2Bel8.9.0%2B20806%2B014d88aa.3?arch=s390x\u0026epoch=7\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"product": {
"name": "squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x (squid:4)",
"product_id": "squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@4.15-7.module%2Bel8.9.0%2B20806%2B014d88aa.3?arch=s390x\u0026epoch=7\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"product": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 (squid:4)",
"product_id": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=x86_64\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
},
{
"category": "product_version",
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"product": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 (squid:4)",
"product_id": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debuginfo@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=x86_64\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
},
{
"category": "product_version",
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"product": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 (squid:4)",
"product_id": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-debugsource@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=x86_64\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
},
{
"category": "product_version",
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"product": {
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 (squid:4)",
"product_id": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/libecap-devel@1.0.1-2.module%2Bel8.9.0%2B19703%2Ba1da7223?arch=x86_64\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
},
{
"category": "product_version",
"name": "squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"product": {
"name": "squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64 (squid:4)",
"product_id": "squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid@4.15-7.module%2Bel8.9.0%2B20806%2B014d88aa.3?arch=x86_64\u0026epoch=7\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
},
{
"category": "product_version",
"name": "squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"product": {
"name": "squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64 (squid:4)",
"product_id": "squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debuginfo@4.15-7.module%2Bel8.9.0%2B20806%2B014d88aa.3?arch=x86_64\u0026epoch=7\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
},
{
"category": "product_version",
"name": "squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"product": {
"name": "squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64 (squid:4)",
"product_id": "squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/squid-debugsource@4.15-7.module%2Bel8.9.0%2B20806%2B014d88aa.3?arch=x86_64\u0026epoch=7\u0026rpmmod=squid:4:8090020231130092412:a75119d5"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4"
},
"product_reference": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4"
},
"product_reference": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4"
},
"product_reference": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4"
},
"product_reference": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4"
},
"product_reference": "libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4"
},
"product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4"
},
"product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4"
},
"product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4"
},
"product_reference": "libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4"
},
"product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4"
},
"product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4"
},
"product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4"
},
"product_reference": "libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4"
},
"product_reference": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4"
},
"product_reference": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4"
},
"product_reference": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4"
},
"product_reference": "libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4"
},
"product_reference": "squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4"
},
"product_reference": "squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4"
},
"product_reference": "squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.src (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.src::squid:4"
},
"product_reference": "squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.src::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4"
},
"product_reference": "squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4"
},
"product_reference": "squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4"
},
"product_reference": "squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4"
},
"product_reference": "squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4"
},
"product_reference": "squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4"
},
"product_reference": "squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4"
},
"product_reference": "squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4"
},
"product_reference": "squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64 (squid:4) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4"
},
"product_reference": "squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"relates_to_product_reference": "AppStream-8.9.0.Z.MAIN"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-5824",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"discovery_date": "2023-10-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2245914"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: DoS against HTTP and HTTPS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability only affects configurations with the `cache_dir` directive enabled. If this directive is not enabled, the Squid server is not vulnerable and no further mitigation is needed. For more information about the mitigation, see the mitigation section below.\n\nThe `cache_dir` directive is disabled by default in Squid shipped in Red Hat Enterprise Linux 6, 7, 8 and 9. Therefore, these Red Hat Enterprise Linux versions are not vulnerable with the default configuration.\n\nRed Hat is not planning to address this issue in Red Hat Enterprise Linux 6 and 7: due to the changes required and the magnitude of the differences between the Squid 3 and 4 code bases, backporting the changes to the Squid 3 code base has not been feasible.\n\nWe recommend that customers using Squid as a caching proxy on Red Hat Enterprise Linux 6 and 7 upgrade to Red Hat Enterprise Linux 8 and 9 to use Squid version 4 or version 5, respectively. Alternatively, see the mitigation section below for a way to work around this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-5824"
},
{
"category": "external",
"summary": "RHBZ#2245914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-5824",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5824"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-5824",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5824"
},
{
"category": "external",
"summary": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255",
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255"
}
],
"release_date": "2023-10-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-06T10:02:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7668"
},
{
"category": "workaround",
"details": "Disabling the disk caching mechanism will mitigate this vulnerability. To achieve this, remove all the \u0027cache_dir\u0027 directives from the Squid configuration, typically in the /etc/squid/squid.conf file.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "squid: DoS against HTTP and HTTPS"
},
{
"cve": "CVE-2023-49288",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-12-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2252918"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Squid. The use of the HTTP Collapsed Forwarding configuration may allow an attacker to perform a denial of service remotely.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid: Use-After-Free in the HTTP Collapsed Forwarding Feature",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Collapsed Forwarding features are only used in Squid for accelerator servers and are not enabled by default, lowering the severity of this flaw to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-49288"
},
{
"category": "external",
"summary": "RHBZ#2252918",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252918"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-49288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-49288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49288"
}
],
"release_date": "2023-12-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-06T10:02:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7668"
},
{
"category": "workaround",
"details": "To mitigate this issue, lines for the \u0027collapsed_forwarding\u0027 feature have to be removed from your squid.conf.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "squid: Use-After-Free in the HTTP Collapsed Forwarding Feature"
},
{
"cve": "CVE-2025-54574",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2025-08-01T19:01:04.741560+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2386026"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow flaw was found in the Squid caching proxy. When processing the Uniform Resource Name (URNs), specific conditions can lead to remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "squid-cache: Squid Buffer Overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is Important because the heap-based buffer overflow occurs during URN processing in Squid\u2019s core request-handling path, which is exposed to untrusted, remote input. Unlike flaws that merely cause a service crash, this defect allows an attacker to manipulate heap memory structures, potentially achieving arbitrary code execution within the Squid process context. Since Squid often runs with elevated privileges and serves as a gateway between internal and external networks, successful exploitation could provide a remote attacker with direct control over the proxy server, enabling them to pivot into internal systems, intercept sensitive traffic, or alter cached content.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-54574"
},
{
"category": "external",
"summary": "RHBZ#2386026",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2386026"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-54574",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54574"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-54574",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54574"
},
{
"category": "external",
"summary": "https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988",
"url": "https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988"
},
{
"category": "external",
"summary": "https://github.com/squid-cache/squid/releases/tag/SQUID_6_4",
"url": "https://github.com/squid-cache/squid/releases/tag/SQUID_6_4"
},
{
"category": "external",
"summary": "https://github.com/squid-cache/squid/security/advisories/GHSA-w4gv-vw3f-29g3",
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-w4gv-vw3f-29g3"
}
],
"release_date": "2025-08-01T18:02:19.117000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-12-06T10:02:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing this update, the squid service will be restarted automatically.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:7668"
},
{
"category": "workaround",
"details": "Users can disable URN access permissions to mitigate this issue.",
"product_ids": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.src::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debuginfo-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-debugsource-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:libecap-devel-0:1.0.1-2.module+el8.9.0+19703+a1da7223.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.src::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debuginfo-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.aarch64::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.ppc64le::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.s390x::squid:4",
"AppStream-8.9.0.Z.MAIN:squid-debugsource-7:4.15-7.module+el8.9.0+20806+014d88aa.3.x86_64::squid:4"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "squid-cache: Squid Buffer Overflow"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.