AZL-32072

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-32072.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-32072

Upstream

CVE-2023-49285

Published

2023-12-04T23:15:27Z

Modified

2026-04-01T05:10:35.265220Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2023-49285 affecting package squid 5.7-5

Details

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-49285

Affected packages

Azure Linux:2 / squid

Package

Name: squid
Purl: pkg:rpm/azure-linux/squid

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.7-5

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-32072.json"