ALPINE-CVE-2023-49285

ALPINE-CVE-2023-49285 PUBLISHED CVSS 7.5 HIGH

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.21	squid	0, 6.4-r0, 6.3-r0
Alpine:v3.19	squid	0, 2.7.6-r0, 2.7.6-r1
Alpine:v3.23	squid	5.5-r0, 2.7.6-r0, 2.7.6-r1
Alpine:v3.22	squid	3.5.22-r0, 2.7.6-r10, 2.7.6-r11
Alpine:v3.20	squid	2.7.6-r0, 6.4-r0, 6.3-r0

Timeline

Dec 4, 2023 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2023-49285 advisory

Open in Interactive Console →