VDB
CNVD-2023-97500
CNVD-2023-97500
PUBLISHED
CVSS 8.600000381469727 HIGH
Squid是一套代理服务器和Web缓存服务器软件。该软件提供缓存万维网、过滤流量、代理上网等功能。 Squid存在缓冲区溢出漏洞,该漏洞源于应用在处理不受信任的输入时出现边界错误。远程攻击者可利用该漏洞在系统上执行任意代码或者导致拒绝服务攻击。
Risk Scores
CVSS v3.1
8.600000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| squid-cache | squid | >= 2.2, < 6.5 |
Timeline
- Dec 3, 2023 CVE Published
- Jan 8, 2024 PoC Published
References
- https://github.com/squid-cache/squid/security/advisories/GHSA-8w9r-p88v-mmx9 url
- https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b url
- https://github.com/squid-cache/squid/commit/deee944f9a12c9fd399ce52f3e2526bb573a9470 url
- http://www.squid-cache.org/Versions/v5/SQUID-2023_7.patch url
- http://www.squid-cache.org/Versions/v6/SQUID-2023_7.patch url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/ url
- https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html url
- https://security.netapp.com/advisory/ntap-20240119-0004/ url