Package squid updated to version 6.6-alt1 for branch p10 in task 337903.

Published: 2023-10-12

BDU:2023-08827

Уязвимость функции follow_x_forwarded_for() прокси-сервера Squid, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.6) Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

References:

CVE-2023-50269

Published: 2023-12-14
Modified: 2024-11-21

CVE-2023-50269

Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Version: 2.1.0

Package squid update in p10 on 2024-01-29

ALT-PU-2024-1077-3

Closed vulnerabilities

BDU:2023-08827

CVE-2023-50269