CVE-2023-50269

Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform Denial of Service attack by sending a large X-Forwarded-For header when the followxforwarded_for feature is configured. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-674"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/50xxx/CVE-2023-50269.json"
}

References

Affected packages

Git / github.com/squid-cache/squid

Affected ranges

Type

GIT

Repo

https://github.com/squid-cache/squid

Events

Introduced

f188960023551b2e9cb2a9df245b92bfeef37056

Last affected

20d1c7236c7493b1f8b7e47f2e2afc529232071c

Introduced

ef1e128ce5a9733ae57d6595806bb832de389446

Last affected

03c8a93e863f873b5d6ff45adb786db447cabcd6

Database specific

{
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "3.1"
        },
        {
            "last_affected": "5.9"
        },
        {
            "introduced": "6.0.1"
        },
        {
            "last_affected": "6.5"
        }
    ]
}

Affected versions

Other

SQUID_6_0_1

SQUID_6_0_2

SQUID_6_0_3

SQUID_6_1

SQUID_6_2

SQUID_6_3

SQUID_6_4

SQUID_6_5

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-50269.json"