CVE-2023-5824 - OpenCVE

Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux Rhel Aus Rhel E4s Rhel Eus Rhel Tus
Squid-cache	Squid

Configuration 1 [-]

cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
squid:4-8090020231130092412.a75119d5	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:7668	2023-12-06T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
squid:4-8020020240122164331.4cda2c84	cpe:/a:redhat:rhel_aus:8.2	RHSA-2024:0772	2024-02-12T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
squid:4-8020020240122164331.4cda2c84	cpe:/a:redhat:rhel_tus:8.2	RHSA-2024:0772	2024-02-12T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
squid:4-8020020240122164331.4cda2c84	cpe:/a:redhat:rhel_e4s:8.2	RHSA-2024:0772	2024-02-12T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
squid:4-8040020240122165847.522a0ee4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2024:0773	2024-02-12T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
squid:4-8040020240122165847.522a0ee4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2024:0773	2024-02-12T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
squid:4-8040020240122165847.522a0ee4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2024:0773	2024-02-12T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
squid:4-8060020231222131040.ad008a3a	cpe:/a:redhat:rhel_eus:8.6	RHSA-2024:0771	2024-02-12T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
squid:4-8080020231222130009.63b34585	cpe:/a:redhat:rhel_eus:8.8	RHSA-2024:0397	2024-01-24T00:00:00Z
Red Hat Enterprise Linux 9
squid-7:5.5-6.el9_3.2	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:7465	2023-11-22T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
squid-7:5.2-1.el9_0.4	cpe:/a:redhat:rhel_eus:9.0	RHSA-2024:1153	2024-03-05T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
squid-7:5.5-5.el9_2.3	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:0072	2024-01-08T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2023:7465
https://access.redhat.com/errata/RHSA-2023:7668
https://access.redhat.com/errata/RHSA-2024:0072
https://access.redhat.com/errata/RHSA-2024:0397
https://access.redhat.com/errata/RHSA-2024:0771
https://access.redhat.com/errata/RHSA-2024:0772
https://access.redhat.com/errata/RHSA-2024:0773
https://access.redhat.com/errata/RHSA-2024:1153
https://access.redhat.com/security/cve/CVE-2023-5824
https://bugzilla.redhat.com/show_bug.cgi?id=2245914
https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255
https://nvd.nist.gov/vuln/detail/CVE-2023-5824
https://www.cve.org/CVERecord?id=CVE-2023-5824

History

Mon, 16 Sep 2024 16:30:00 +0000

Type	Values Removed	Values Added
References	https://security.netapp.com/advisory/ntap-20231130-0003/

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-11-03T07:56:36.369Z

Updated: 2024-09-16T15:58:44.517Z

Reserved: 2023-10-27T09:37:47.593Z

Link: CVE-2023-5824

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-11-03T08:15:08.270

Modified: 2024-09-16T16:15:09.590

Link: CVE-2023-5824

Redhat

Severity : Important

Publid Date: 2023-10-19T00:00:00Z

Links: CVE-2023-5824 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object