CVE-2023-5824

Note

as of 2023-12-05, this is not fixed in the upstream 5.x
repository. The patches to fix this issue are large and
intrusive.
Per the researcher's advisory, "Of course, such 'attacks' are
completely theoretical and are only considered for entertainment
purposes."
This CVE will be marked as deferred until a backport to 5.x is
available.

Package	Release	Status
squid Launchpad, Ubuntu, Debian	trusty	Ignored (end of standard support)
	xenial	Ignored (end of standard support)
	bionic	Ignored (end of standard support)
	focal	Deferred (2023-12-05)
	jammy	Deferred (2023-12-05)
	lunar	Deferred (2023-12-05)
	mantic	Deferred (2023-12-05)
	upstream	Released (6.5)
	Patches: upstream: https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988 (6.x) upstream: https://github.com/squid-cache/squid/commit/57acdb7dcec38605ede048db82b495ba316e6311 (6.x) upstream: https://github.com/squid-cache/squid/commit/2f3efe5d9e1c9444cb3f95fc09cbbf52985f37bf (6.x)
squid3 Launchpad, Ubuntu, Debian	trusty	Ignored (end of standard support)
	focal	Does not exist
	jammy	Does not exist
	lunar	Does not exist
	mantic	Does not exist
	upstream	Needs triage
	bionic	Deferred (2023-12-05)
	xenial	Deferred (2023-12-05)

Parameter	Value
Base score	7.5
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	None
Integrity impact	None
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Security

CVE-2023-5824

Notes

Priority

Cvss 3 Severity Score

Status

Severity score breakdown

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading