CVE-2023-5824

A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.
Provider   Type   Base Score   Atk. Vector   Atk. Complexity   Priv. Required   Vector
NIST       NIST   7.5 HIGH     NETWORK       LOW               NONE             CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
redhat     CNA    7.5 HIGH     NETWORK       LOW               NONE             CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE        ADP    ---                                                           ---
EPSS score percentile: 75%
Vendor        Product            Version
squid-cache   squid              x  < 6.4
redhat        enterprise_linux      6.0
redhat        enterprise_linux      7.0
redhat        enterprise_linux      8.0
redhat        enterprise_linux      9.0

x = vulnerable software versions
Debian Releases

Debian Product   Codename              Version   Status
squid            bullseye (security)             vulnerable
squid            bullseye                        ignored
squid            bookworm                        ignored
squid            bookworm (security)             vulnerable
squid            sid                   6.12-1    fixed
squid            trixie                6.12-1    fixed
Ubuntu Releases

Ubuntu Product   Codename   Fixed Version          Status
squid            oracular   6.5-1ubuntu1           released
squid            noble      6.5-1ubuntu1           released
squid            mantic     6.1-2ubuntu1.3         released
squid            lunar                             ignored
squid            jammy      5.7-0ubuntu0.22.04.4   released
squid            focal      4.10-1ubuntu1.12       released
squid            bionic                            ignored
squid            xenial                            ignored
squid            trusty                            ignored
squid3           oracular                          dne
squid3           noble                             dne
squid3           mantic                            dne
squid3           lunar                             dne
squid3           jammy                             dne
squid3           focal                             dne
squid3           bionic                            needed
squid3           xenial                            needed
squid3           trusty                            ignored