QID 357373

squid is a caching proxy for the web supporting http, https, ftp, and more.
Due to a buffer overread bug squid is vulnerable to a denial of service attack against squid http message processing.
This bug is fixed by squid version 6.5.
Users are advised to upgrade.
There are no known workarounds for this vulnerability. (
( CVE-2023-49285) squid is a caching proxy for the web supporting http, https, ftp, and more.
Affected versions of squid are subject to a a use-after-free bug which can lead to a denial of service attack via collapsed forwarding.
All versions of squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable.
Configurations with "collapsed_forwarding off" or without a "collapsed_forwarding" directive are not vulnerable.
This bug is fixed by squid version 6.0.1.
Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf. (
( CVE-2023-49288) squid-2023:2 multiple issues in http response caching (cve-2023-5824) squid is a caching proxy for the web.
Due to an expired pointer reference bug, squid prior to version 6.6 is vulnerable to a denial of service attack against cache manager error responses.
This problem allows a trusted client to perform denial of service when generating error pages for client manager reports.
Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable.
All squid-5.x up to and including 5.9 are vulnerable.
All squid-6.x up to and including 6.5 are vulnerable.
This bug is fixed by squid version 6.6.
In addition, patches addressing this problem for the stable releases can be found in squids patch archives.

Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.