CVE-2023-46728

EUVD-2023-50910
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug, Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug can be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| GitHub_M | CNA | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score percentile: 82%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| squid-cache | squid | 𝑥 < 6.0.1 |

𝑥 = Vulnerable software versions
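Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| squid | bookworm | | ignored |
| squid | bookworm (security) | | vulnerable |
| squid | bullseye | | ignored |
| squid | bullseye (security) | | vulnerable |
| squid | buster | | ignored |
| squid | sid | 6.12-1 | fixed |
| squid | trixie | 6.12-1 | fixed |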
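Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| squid | bionic | | ignored |
| squid | focal | Fixed 4.10-1ubuntu1.8 | released |
| squid | jammy | Fixed 5.7-0ubuntu0.22.04.2 | released |
| squid | lunar | Fixed 5.7-1ubuntu3.1 | released |
| squid | mantic | | not-affected |
| squid | trusty | | ignored |
| squid | xenial | | ignored |
| squid3 | bionic | Fixed 3.5.27-1ubuntu1.14+esm1 | released |
| squid3 | focal | | dne |
| squid3 | jammy | | dne |
| squid3 | lunar | | dne |
| squid3 | mantic | | dne |
| squid3 | trusty | | ignored |
| squid3 | xenial | Fixed 3.5.12-1ubuntu7.16+esm2 | released |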