AZL-32251

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-32251.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-32251

Upstream

CVE-2023-50269

Published

2023-12-14T18:15:45Z

Modified

2026-04-01T05:10:59.831060Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2023-50269 affecting package squid 5.7-5

Details

Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the followxforwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-50269

Affected packages

Azure Linux:2 / squid

Package

Name: squid
Purl: pkg:rpm/azure-linux/squid

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

5.7-5

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-32251.json"