CVE-2023-49288
Denial of Service in HTTP Collapsed Forwarding in Squid
In short
Squid proxy versions 3.5 to 5.9 with collapsed forwarding enabled have a use-after-free memory bug that allows attackers to crash the service through specially crafted requests. This vulnerability only affects systems that explicitly enable collapsed forwarding in their configuration.
Technical detail
A use-after-free vulnerability exists in Squid's collapsed forwarding mechanism (CWE-416) when processing concurrent requests to the same resource. An attacker can trigger memory corruption by crafting requests that cause the proxy to access freed memory, resulting in denial of service. The vulnerability requires collapsed_forwarding directive to be explicitly enabled in squid.conf.
Summary generated and translated by AI from the official description.
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with "collapsed_forwarding on" are vulnerable. Configurations with "collapsed_forwarding off" or without a "collapsed_forwarding" directive are not vulnerable. This bug is fixed by Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Affected products
squid-cache · squidWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/squid-cache/squid/security/advisories/GHSA-rj5h-46j6-q2g5https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/https://security.netapp.com/advisory/ntap-20240119-0006/