CVE-2023-49286 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
GitHub_M	CNA	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 83%

Vendor	Product	Version
squid-cache	squid	𝑥 ≤ 6.4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

squid

bullseye (security)	4.13-10+deb11u3 fixed
bullseye	4.13-10+deb11u3 fixed
bookworm	5.7-2+deb12u2 fixed
bookworm (security)	5.7-2+deb12u2 fixed
sid	6.12-1 fixed
trixie	6.12-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

squid

noble	Fixed 6.5-1ubuntu1 released
mantic	Fixed 6.1-2ubuntu1.2 released
lunar	Fixed 5.7-1ubuntu3.2 released
jammy	Fixed 5.7-0ubuntu0.22.04.3 released
focal	Fixed 4.10-1ubuntu1.9 released
bionic	ignored
xenial	ignored
trusty	ignored

squid3

noble	dne
mantic	dne
lunar	dne
jammy	dne
focal	dne
bionic	Fixed 3.5.27-1ubuntu1.14+esm2 released
xenial	Fixed 3.5.12-1ubuntu7.16+esm3 released
trusty	ignored

Common Weakness Enumeration

CWE-253 - Incorrect Check of Function Return Value
The software incorrectly checks a return value from a function, which prevents the software from detecting errors or exceptional conditions.
CWE-617 - Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References

http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch

https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264

https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27

https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/

https://security.netapp.com/advisory/ntap-20240119-0004/

http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch

https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264

https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27

https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/

https://security.netapp.com/advisory/ntap-20240119-0004/