2024-05-25 21:48:12 +02:00
### [CVE-2023-50269](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50269)
![](https://img.shields.io/static/v1?label=Product&message=squid&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%202.6%2C%20%3C%3D%202.7.STABLE9%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-674%3A%20Uncontrolled%20Recursion&color=brighgreen)
### Description
Squid is a caching proxy for the Web. Due to an Uncontrolled Recursion bug in versions 2.6 through 2.7.STABLE9, versions 3.1 through 5.9, and versions 6.0.1 through 6.5, Squid may be vulnerable to a Denial of Service attack against HTTP Request parsing. This problem allows a remote client to perform a Denial of Service attack by sending a large X-Forwarded-For header when the follow_x_forwarded_for feature is configured. This bug is fixed in Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives.
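
An exposure check built from the two conditions in the description (affected version range and `follow_x_forwarded_for` configured), as an added example that is not part of the original entry or of Squid itself. It assumes that any active `follow_x_forwarded_for allow ...` rule means the feature is configured, does not follow `include` directives, and cannot tell whether a stable release has been patched; the function names and sample configuration are constructed for illustration.

```python
import re

# Affected ranges quoted from the description above (inclusive bounds).
AFFECTED = [((2, 6, 0), (2, 7, 9)), ((3, 1, 0), (5, 9, 0)), ((6, 0, 1), (6, 5, 0))]

def parse_version(text):
    """Parse '6.5', '3.5.28' or '2.7.STABLE9' (also inside `squid -v` output)."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(?:STABLE)?(\d+))?", text)
    if not m:
        raise ValueError(f"no Squid version found in {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(version_text):
    v = parse_version(version_text)
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def xff_allow_rules(conf_text):
    """Return (line_no, rule) for each active 'follow_x_forwarded_for allow ...'."""
    rules = []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue  # blank line or comment
        if words[0] == "follow_x_forwarded_for" and len(words) > 1 and words[1] == "allow":
            rules.append((n, " ".join(words)))
    return rules

def assess(version_text, conf_text):
    if not is_affected(version_text):
        return "version not in affected ranges"
    rules = xff_allow_rules(conf_text)
    if not rules:
        return "affected version, follow_x_forwarded_for not enabled"
    lines = ", ".join(str(n) for n, _ in rules)
    return "exposed: upgrade or remove allow rule(s) on line(s) " + lines

# Constructed sample configuration, not taken from any real deployment.
SAMPLE_CONF = """\
acl frontend src 10.0.0.5
# follow_x_forwarded_for allow all
follow_x_forwarded_for allow frontend
follow_x_forwarded_for deny all
"""

if __name__ == "__main__":
    for ver in ("Squid Cache: Version 6.5", "2.7.STABLE9", "6.6"):
        print(ver, "->", assess(ver, SAMPLE_CONF))
```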
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/MegaManSec/Squid-Security-Audit