CVE-2023-46728
- ULN >
- Oracle Linux CVE repository >
- CVE-2023-46728
CVE Details
| Release Date: | 2023-09-26 | |
| Impact: | Important | What is this? |
Description
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.
See more information about CVE-2023-46728 from MITRE CVE dictionary and NIST NVD
NOTE: The following CVSS metrics and score provided are preliminary and subject to review.
CVSS v3 metrics
| Base Score: | 7.5 |
| Vector String: | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Version: | 3.0 |
| Attack Vector: | Network |
| Attack Complexity: | Low |
| Privileges Required: | None |
| User Interaction: | None |
| Scope: | Unchanged |
| Confidentiality Impact: | None |
| Integrity Impact: | None |
| Availability Impact: | High |
Errata information
| Platform | Errata | Release Date |
| Oracle Linux version 7 (squid) | ELSA-2024-1787 | 2024-04-11 |
| Oracle Linux version 8 (libecap) | ELSA-2024-0046 | 2024-01-04 |
| Oracle Linux version 8 (squid) | ELSA-2024-0046 | 2024-01-04 |
| Oracle Linux version 9 (squid) | ELSA-2024-0071 | 2024-01-10 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
