CVE-2023-46724
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2023-46724 is a denial-of-service vulnerability affecting Squid versions 3.3.0.1 through 5.9 and 6.0, compiled with `--with-openssl`. Due to an Improper Validation of Specified Index issue, Squid is susceptible to a DoS attack against SSL certificate validation. A remote server can cause a TLS handshake failure by providing a specially crafted SSL certificate as part of a server certificate chain. This vulnerability only impacts HTTPS and SSL-Bump connections. The issue has been resolved in Squid version 6.4, and patches are available in the Squid patch archives. Users of prepackaged Squid should consult their package vendor for updated packages.
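To triage a proxy against the conditions in the summary, the sketch below (an added example, not code from this page or from the Squid project) reads the text printed by `squid -v` and reports whether the build falls in the affected range and was compiled with `--with-openssl`. The function names and sample outputs are constructed for illustration, and treating every release below 6.4 as unfixed is an assumption based on the fixed version named above.

```python
import re

# Bounds from the summary above. Assumption of this example: any release
# below the fixed version 6.4 is treated as unfixed.
FIRST_AFFECTED = (3, 3, 0, 1)
FIXED_IN = (6, 4)

def parse_squid_v(output):
    """Return (version tuple, built_with_openssl) from `squid -v` text."""
    m = re.search(r"Version\s+(\d+(?:\.\d+)*)", output)
    if not m:
        raise ValueError("no Squid version string found")
    version = tuple(int(p) for p in m.group(1).split("."))
    # The flag may carry a path ('--with-openssl=/usr') or be disabled
    # ('--with-openssl=no'); '--without-openssl' must not match.
    flag = re.search(r"--with-openssl(?:=([^'\"\s]*))?(?=['\"\s]|$)", output)
    openssl = flag is not None and flag.group(1) != "no"
    return version, openssl

def assess(output):
    """Classify one `squid -v` output against the advisory's conditions."""
    version, openssl = parse_squid_v(output)
    if version >= FIXED_IN:
        return "fixed"
    if version < FIRST_AFFECTED:
        return "older than affected range"
    if not openssl:
        return "in range, but not built with OpenSSL"
    return "affected"

# Constructed sample outputs (not captured from real hosts).
SAMPLE_AFFECTED = (
    "Squid Cache: Version 5.7\n"
    "Service Name: squid\n"
    "configure options:  '--prefix=/usr' '--with-openssl' '--enable-ssl-crtd'\n"
)
SAMPLE_NO_TLS = (
    "Squid Cache: Version 5.7\n"
    "configure options:  '--prefix=/usr' '--without-openssl'\n"
)
SAMPLE_FIXED = "Squid Cache: Version 6.4\nconfigure options:  '--with-openssl'\n"

if __name__ == "__main__":
    for name, text in [("affected", SAMPLE_AFFECTED),
                       ("no-tls", SAMPLE_NO_TLS),
                       ("fixed", SAMPLE_FIXED)]:
        print(name, "->", assess(text))
```

Distribution packages often backport fixes without changing the upstream version string, so an "affected" result on a prepackaged build still needs checking against the vendor's advisory.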
Affected Products
- Squid-cache Squid
- Squid Software
Affected Vendors
- Squid Software Foundation