CVE-2023-50269

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Dec 14, 2023
Updated: Jan 19, 2024
CWE ID 674

Summary

CVE-2023-50269 is a Denial of Service vulnerability affecting various versions of Squid, a popular caching proxy for the web. The uncontrolled recursion bug, present in versions 2.6 through 2.7.STABLE9, 3.1 through 5.9, and 6.0.1 through 6.5, exposes Squid to DoS attacks by allowing remote clients to send oversized X-Forwarded-For headers. This issue can be exploited when the follow_x_forwarded_for feature is enabled. Version 6.6 of Squid includes the necessary patch to resolve this vulnerability, and patches for older versions can be found in Squid's patch archives.
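A triage check built from the two conditions in the summary, an affected version and `follow_x_forwarded_for` in use, as an added example that is not part of the original advisory or of Squid. The function names and the sample configuration are constructed for illustration, and it assumes the feature counts as enabled when squid.conf contains an active `follow_x_forwarded_for allow` rule.

```python
import re

# Affected ranges exactly as stated in the advisory summary (inclusive).
AFFECTED = [("2.6", "2.7.STABLE9"), ("3.1", "5.9"), ("6.0.1", "6.5")]

def vtuple(version):
    """'2.7.STABLE9' -> (2, 7, 9); '6.5' -> (6, 5)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def version_affected(version):
    """True if the version string falls inside one of the listed ranges."""
    v = vtuple(version)
    return any(vtuple(lo) <= v <= vtuple(hi) for lo, hi in AFFECTED)

def xff_allow_lines(conf_text):
    """Return (line_no, text) for each active 'follow_x_forwarded_for allow' rule."""
    hits = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if (len(tokens) >= 2 and tokens[0] == "follow_x_forwarded_for"
                and tokens[1].lower() == "allow"):
            hits.append((no, " ".join(tokens)))
    return hits

def exposed(version, conf_text):
    """Both conditions from the summary: affected version and feature in use."""
    return version_affected(version) and bool(xff_allow_lines(conf_text))

# Constructed squid.conf fragment (not taken from any real deployment).
SAMPLE_CONF = """\
# constructed squid.conf fragment
acl frontends src 192.0.2.10
follow_x_forwarded_for allow frontends
# follow_x_forwarded_for allow all
follow_x_forwarded_for deny all
"""

if __name__ == "__main__":
    for ver in ("5.9", "6.5", "6.6"):
        print(ver, exposed(ver, SAMPLE_CONF))
```

A build whose version string falls inside a range may already carry one of the patches from Squid's patch archives, so treat a match as a reason to verify the build rather than as proof of exposure.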

Affected Products

  • Squid Software
  • Squid-cache Squid

Affected Vendors

  • Squid Software Foundation