what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2023-50269

Status Candidate

Overview

Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.

Related Files

Ubuntu Security Notice USN-6857-1
Posted Jun 28, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6857-1 - Joshua Rogers discovered that Squid incorrectly handled requests with the urn: scheme. A remote attacker could possibly use this issue to cause Squid to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS. It was discovered that Squid incorrectly handled SSPI and SMB authentication. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 16.04 LTS.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2021-28651, CVE-2022-41318, CVE-2023-49285, CVE-2023-49286, CVE-2023-50269
SHA-256 | 818b1f5d93b4df6bccfc5d6fc22d306b23072e7c7d370030caeb86a9084a4e70
Red Hat Security Advisory 2024-1376-03
Posted Apr 3, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1376-03 - An update for squid is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-50269
SHA-256 | f95b9815ab3349e7cbd9d83e568e2f45558655dc815403245b8d1df1466b2ba7
Red Hat Security Advisory 2024-1375-03
Posted Apr 3, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1375-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-50269
SHA-256 | 6cf810f4f84814c0e3af6d079dca7b6233d8a30e7b293a3e7d476b466ac01954
Debian Security Advisory 5637-1
Posted Mar 8, 2024
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5637-1 - Several security vulnerabilities have been discovered in Squid, a full featured web proxy cache. Due to programming errors in Squid's HTTP request parsing, remote attackers may be able to execute a denial of service attack by sending large X-Forwarded-For header or trigger a stack buffer overflow while performing HTTP Digest authentication. Other issues facilitate request smuggling past a firewall or a denial of service against Squid's Helper process management.

tags | advisory, remote, web, denial of service, overflow, vulnerability
systems | linux, debian
advisories | CVE-2023-46724, CVE-2023-46846, CVE-2023-46847, CVE-2023-46848, CVE-2023-49285, CVE-2023-49286, CVE-2023-50269, CVE-2024-23638, CVE-2024-25111, CVE-2024-25617
SHA-256 | a79ef3e7a5505aef83c8e1d9026a34f64acecaa9ccd3e41b225ac5500d8a96e7
Red Hat Security Advisory 2024-1085-03
Posted Mar 5, 2024
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2024-1085-03 - An update for squid is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2023-50269
SHA-256 | e4c130608dc962062562f9d4781cf0361833443958fd6a0b7e0fc34783572c6b
Ubuntu Security Notice USN-6594-1
Posted Jan 23, 2024
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6594-1 - Joshua Rogers discovered that Squid incorrectly handled HTTP message processing. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled Helper process management. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Joshua Rogers discovered that Squid incorrectly handled HTTP request parsing. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2023-49285, CVE-2023-49286, CVE-2023-50269
SHA-256 | db3db3f46c79cee5c6cf7b45a6f9a763efc55e8e7951b7556929117aafe4bdb0
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close