{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-5824", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-10-27T09:37:47.593Z", "datePublished": "2023-11-03T07:56:36.369Z", "dateUpdated": "2025-11-06T20:51:27.614Z"}, "containers": {"cna": {"title": "Squid: dos against http and https", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "squid:4", "defaultStatus": "affected", "versions": [{"version": "8090020231130092412.a75119d5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "squid:4", "defaultStatus": "affected", "versions": [{"version": "8020020240122164331.4cda2c84", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "squid:4", "defaultStatus": "affected", "versions": [{"version": "8020020240122164331.4cda2c84", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "squid:4", "defaultStatus": "affected", "versions": [{"version": "8020020240122164331.4cda2c84", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "squid:4", "defaultStatus": "affected", "versions": [{"version": "8040020240122165847.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "squid:4", "defaultStatus": "affected", "versions": [{"version": "8040020240122165847.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "squid:4", "defaultStatus": "affected", "versions": [{"version": "8040020240122165847.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "squid:4", "defaultStatus": "affected", "versions": [{"version": "8060020231222131040.ad008a3a", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.6::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "squid:4", "defaultStatus": "affected", "versions": [{"version": "8080020231222130009.63b34585", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "squid", "defaultStatus": "affected", "versions": [{"version": "7:5.5-6.el9_3.2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "squid", "defaultStatus": "affected", "versions": [{"version": "7:5.2-1.el9_0.4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.0::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "squid", "defaultStatus": "affected", "versions": [{"version": "7:5.5-5.el9_2.3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "squid", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "squid", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:7465", "name": "RHSA-2023:7465", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7668", "name": "RHSA-2023:7668", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0072", "name": "RHSA-2024:0072", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0397", "name": "RHSA-2024:0397", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0771", "name": "RHSA-2024:0771", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0772", "name": "RHSA-2024:0772", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0773", "name": "RHSA-2024:0773", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1153", "name": "RHSA-2024:1153", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-5824", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914", "name": "RHBZ#2245914", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255"}], "datePublic": "2023-10-19T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-755", "description": "Improper Handling of Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-755: Improper Handling of Exceptional Conditions", "workarounds": [{"lang": "en", "value": "Disabling the disk caching mechanism will mitigate this vulnerability. To achieve this, remove all the 'cache_dir' directives from the Squid configuration, typically in the /etc/squid/squid.conf file."}], "timeline": [{"lang": "en", "time": "2023-10-24T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-10-19T00:00:00+00:00", "value": "Made public."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-11-06T20:51:27.614Z"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:7465", "name": "RHSA-2023:7465", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7668", "name": "RHSA-2023:7668", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0072", "name": "RHSA-2024:0072", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0397", "name": "RHSA-2024:0397", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0771", "name": "RHSA-2024:0771", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0772", "name": "RHSA-2024:0772", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0773", "name": "RHSA-2024:0773", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:1153", "name": "RHSA-2024:1153", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-5824", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914", "name": "RHBZ#2245914", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20231130-0003/", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00027.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T18:08:10.691Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D384D1F-2A05-4EE0-9CB8-C83FDC53F608", "versionEndExcluding": "6.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service."}, {"lang": "es", "value": "Squid es vulnerable a ataques de Denegaci\u00f3n de Servicio contra clientes HTTP y HTTPS debido a un error en el manejo inadecuado de elementos estructurales."}], "id": "CVE-2023-5824", "lastModified": "2025-11-03T19:15:42.437", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-03T08:15:08.270", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7465"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7668"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0072"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0397"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0771"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0772"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0773"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:1153"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-5824"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7465"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7668"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0072"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0397"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0771"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0772"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0773"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:1153"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-5824"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00027.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20231130-0003/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:7668", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "squid:4-8090020231130092412.a75119d5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2024:0772", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "squid:4-8020020240122164331.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-02-12T00:00:00Z"}, {"advisory": "RHSA-2024:0772", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "squid:4-8020020240122164331.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2024-02-12T00:00:00Z"}, {"advisory": "RHSA-2024:0772", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "squid:4-8020020240122164331.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2024-02-12T00:00:00Z"}, {"advisory": "RHSA-2024:0773", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "squid:4-8040020240122165847.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-02-12T00:00:00Z"}, {"advisory": "RHSA-2024:0773", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "squid:4-8040020240122165847.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-02-12T00:00:00Z"}, {"advisory": "RHSA-2024:0773", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "squid:4-8040020240122165847.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-02-12T00:00:00Z"}, {"advisory": "RHSA-2024:0771", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "squid:4-8060020231222131040.ad008a3a", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-02-12T00:00:00Z"}, {"advisory": "RHSA-2024:0397", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "squid:4-8080020231222130009.63b34585", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-01-24T00:00:00Z"}, {"advisory": "RHSA-2023:7465", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "squid-7:5.5-6.el9_3.2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-22T00:00:00Z"}, {"advisory": "RHSA-2024:1153", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "squid-7:5.2-1.el9_0.4", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2024-03-05T00:00:00Z"}, {"advisory": "RHSA-2024:0072", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "squid-7:5.5-5.el9_2.3", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-01-08T00:00:00Z"}], "bugzilla": {"description": "squid: DoS against HTTP and HTTPS", "id": "2245914", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245914"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-755", "details": ["A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.", "A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service."], "mitigation": {"lang": "en:us", "value": "Disabling the disk caching mechanism will mitigate this vulnerability. To achieve this, remove all the 'cache_dir' directives from the Squid configuration, typically in the /etc/squid/squid.conf file."}, "name": "CVE-2023-5824", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "squid", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "squid", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2023-10-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-5824\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5824\nhttps://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255"], "statement": "This vulnerability only affects configurations with the `cache_dir` directive enabled. If this directive is not enabled, the Squid server is not vulnerable and no further mitigation is needed. For more information about the mitigation, see the mitigation section below.\nThe `cache_dir` directive is disabled by default in Squid shipped in Red Hat Enterprise Linux 6, 7, 8 and 9. Therefore, these Red Hat Enterprise Linux versions are not vulnerable with the default configuration.\nRed Hat is not planning to address this issue in Red Hat Enterprise Linux 6 and 7 due to the changes required and the magnitude of the differences between Squid 3 and 4 code bases, backporting the changes to the Squid 3 code base has not been feasible.\nWe recommend that customers using Squid as a caching proxy on Red Hat Enterprise Linux 6 and 7 to upgrade to Red Hat Enterprise Linux 8 and 9 to use Squid version 4 or version 5, respectively. Alternatively, see the mitigation section below for a way to workaround this vulnerability.", "threat_severity": "Important"}

{}