AZL-31941

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-31941.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-31941

Upstream

CVE-2023-46728

Published

2023-11-06T18:15:08Z

Modified

2026-04-01T05:10:30.228013Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2023-46728 affecting package squid 5.7-5

Details

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-46728

Affected packages

Azure Linux:2 / squid

Package

Name: squid
Purl: pkg:rpm/azure-linux/squid

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.7-5

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-31941.json"