CVE-2023-49285

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-126
View all →

Vulnerability Description

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Related Vulnerabilities

CVE-2017-7668

HIGH
CVSS:7.5(High)

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously ...

CWE-1262017

CVE-2018-8789

HIGH
CVSS:7.5(High)

FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault).

CWE-1262018

CVE-2018-8791

HIGH
CVSS:7.5(High)

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak.

CWE-1262018

CVE-2018-8792

HIGH
CVSS:7.5(High)

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function cssp_read_tsrequest() that results in a Denial of Service (segfault).

CWE-1262018

CVE-2018-8796

HIGH
CVSS:7.5(High)

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function process_bitmap_updates() that results in a Denial of Service (segfault).

CWE-1262018

CVE-2018-8798

HIGH
CVSS:7.5(High)

rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpsnd_process_ping() that results in an information leak.

CWE-1262018