Test ID:	1.3.6.1.4.1.25623.1.0.151251
Category:	Web Servers
Title:	Squid DoS Vulnerability (GHSA-73m6-jm96-c6r3, SQUID-2023:4)
Summary:	Squid is prone to a denial of service (DoS) vulnerability in; the SSL Certificate validation.
Description:	Summary: Squid is prone to a denial of service (DoS) vulnerability in the SSL Certificate validation. Vulnerability Insight: Due to an Improper Validation of Specified Index bug Squid is vulnerable to a Denial of Service attack against SSL Certificate validation. This flaw was part of the 'Squid Caching Proxy Security Audit: 55 vulnerabilities and 35 0days' publication in October 2023 and filed as 'Buffer UnderRead in SSL CN Parsing'. Affected Software/OS: Squid version 3.3.0.1 through 6.3. Solution: Update to version 6.4 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-46724 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/ http://www.squid-cache.org/Versions/v5/SQUID-2023_4.patch http://www.squid-cache.org/Versions/v6/SQUID-2023_4.patch https://github.com/squid-cache/squid/commit/b70f864940225dfe69f9f653f948e787f99c3810 https://github.com/squid-cache/squid/security/advisories/GHSA-73m6-jm96-c6r3
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.