CVE-2023-49285
CVSS 3.1: 7.5 (HIGH)
EPSS: 9.6%
Description
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a buffer overread bug, Squid is vulnerable to a denial-of-service attack against Squid HTTP message processing. This bug is fixed in Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
How to fix CVE-2023-49285
To remediate CVE-2023-49285, upgrade the affected package to a fixed version below.
- Alpine/squid—upgrade to 6.5-r0 or later
- —upgrade to 4.13-10+deb11u3 or later
Is CVE-2023-49285 being exploited?
Moderate — EPSS is 9.6%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 6.5-r0
- from 0, < 4.13-10+deb11u3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |