CVE-2023-50269

CVSS v3.1 7.5 (High)

EPSS 0.45 % (76^th)

Affected Products 1

Advisories 19

Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.

Weaknesses

CWE-674: Uncontrolled Recursion

CVE Status: PUBLISHED
CNA: GitHub, Inc.
Published Date: 2023-12-14 18:15:45
(9 months ago)
Updated Date: 2024-01-19 16:15:10
(8 months ago)

Affected Products

Squid-cache

Squid

Configuration #1

	CPE23	From	Up To
Squid-cache Squid from 3.1 version and 5.9 and prior versions	cpe:2.3:a:squid-cache:squid	>= 3.1	<= 5.9
Squid-cache Squid from 6.0.1 version and 6.5 and prior versions	cpe:2.3:a:squid-cache:squid	>= 6.0.1	<= 6.5
Squid-cache Squid 2.6	cpe:2.3:a:squid-cache:squid:2.6
Squid-cache Squid 2.7	cpe:2.3:a:squid-cache:squid:2.7:-
Squid-cache Squid 2.7 Stable1	cpe:2.3:a:squid-cache:squid:2.7:stable1
Squid-cache Squid 2.7 Stable2	cpe:2.3:a:squid-cache:squid:2.7:stable2
Squid-cache Squid 2.7 Stable3	cpe:2.3:a:squid-cache:squid:2.7:stable3
Squid-cache Squid 2.7 Stable4	cpe:2.3:a:squid-cache:squid:2.7:stable4
Squid-cache Squid 2.7 Stable5	cpe:2.3:a:squid-cache:squid:2.7:stable5
Squid-cache Squid 2.7 Stable6	cpe:2.3:a:squid-cache:squid:2.7:stable6
Squid-cache Squid 2.7 Stable7	cpe:2.3:a:squid-cache:squid:2.7:stable7
Squid-cache Squid 2.7 Stable8	cpe:2.3:a:squid-cache:squid:2.7:stable8
Squid-cache Squid 2.7 Stable9	cpe:2.3:a:squid-cache:squid:2.7:stable9