Denial of Service in Helper Process management
CVE-2023-49286

8.6HIGH

Key Information:

Vendor

Squid-cache

Status
Squid
Vendor
CVE Published:
4 December 2023

What is CVE-2023-49286?

The Squid caching proxy, widely used for managing web traffic flows, is exposed to a Denial of Service vulnerability due to an Incorrect Check of Function Return Value. This flaw affects the Helper process management, making it susceptible to attacks that could disrupt service availability. Users are strongly advised to upgrade to Squid version 6.5, as no workarounds exist to mitigate this issue. Ensure your installations are up to date to maintain robust security against such vulnerabilities.

Affected Version(s)

squid < 6.5

References

https://github.com/squid-cache/squid/security/advisories/...
x_refsource_CONFIRM
https://github.com/squid-cache/squid/commit/6014c6648a2a5...
x_refsource_MISC
http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch
x_refsource_MISC

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.