CVE-2023-46728

CVE-2023-46728

Name

CVE-2023-46728

Description

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3
CONFIRM	https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f
security-advisories@github.com	https://security.netapp.com/advisory/ntap-20231214-0006/
security-advisories@github.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/
security-advisories@github.com	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/09/msg00027.html

Type

URI

MISC

https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3

CONFIRM

https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f

security-advisories@github.com

https://security.netapp.com/advisory/ntap-20231214-0006/

security-advisories@github.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/

security-advisories@github.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/09/msg00027.html

CPE URI	Source package	Min version	Max version
	squid	>= 0	< 6.0.1

CPE URI

Source package

Min version

Max version

squid

>= 0

< 6.0.1

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
squid	edge-main	5.7-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
squid	edge-main	5.2-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
squid	edge-main	5.0.6-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
squid	edge-main	5.0.5-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
squid	edge-main	4.13.0-r0	None	possibly vulnerable
squid	edge-main	4.12.0-r0	None	possibly vulnerable
squid	edge-main	4.10-r0	None	possibly vulnerable
squid	edge-main	4.9-r0	None	possibly vulnerable
squid	edge-main	4.8-r0	None	possibly vulnerable
squid	edge-main	3.5.27-r2	None	possibly vulnerable
squid	3.22-main	5.7-r0	None	possibly vulnerable
squid	3.22-main	5.2-r0	None	possibly vulnerable
squid	3.22-main	5.0.6-r0	None	possibly vulnerable
squid	3.22-main	5.0.5-r0	None	possibly vulnerable
squid	3.22-main	4.13.0-r0	None	possibly vulnerable
squid	3.22-main	4.12.0-r0	None	possibly vulnerable
squid	3.22-main	4.10-r0	None	possibly vulnerable
squid	3.22-main	4.9-r0	None	possibly vulnerable
squid	3.22-main	4.8-r0	None	possibly vulnerable
squid	3.22-main	3.5.27-r2	None	possibly vulnerable
squid	3.21-main	5.7-r0	None	possibly vulnerable
squid	3.21-main	5.2-r0	None	possibly vulnerable
squid	3.21-main	5.0.6-r0	None	possibly vulnerable
squid	3.21-main	5.0.5-r0	None	possibly vulnerable
squid	3.21-main	4.13.0-r0	None	possibly vulnerable
squid	3.21-main	4.12.0-r0	None	possibly vulnerable
squid	3.21-main	4.10-r0	None	possibly vulnerable
squid	3.21-main	4.9-r0	None	possibly vulnerable
squid	3.21-main	4.8-r0	None	possibly vulnerable
squid	3.21-main	3.5.27-r2	None	possibly vulnerable
squid	3.20-main	5.7-r0	None	possibly vulnerable
squid	3.20-main	5.2-r0	None	possibly vulnerable
squid	3.20-main	5.0.6-r0	None	possibly vulnerable
squid	3.20-main	5.0.5-r0	None	possibly vulnerable
squid	3.20-main	4.13.0-r0	None	possibly vulnerable
squid	3.20-main	4.12.0-r0	None	possibly vulnerable
squid	3.20-main	4.10-r0	None	possibly vulnerable
squid	3.20-main	4.9-r0	None	possibly vulnerable
squid	3.20-main	4.8-r0	None	possibly vulnerable
squid	3.20-main	3.5.27-r2	None	possibly vulnerable
squid	3.19-main	5.7-r0	None	possibly vulnerable
squid	3.19-main	5.2-r0	None	possibly vulnerable
squid	3.19-main	5.0.6-r0	None	possibly vulnerable
squid	3.19-main	5.0.5-r0	None	possibly vulnerable
squid	3.19-main	4.13.0-r0	None	possibly vulnerable
squid	3.19-main	4.12.0-r0	None	possibly vulnerable
squid	3.19-main	4.10-r0	None	possibly vulnerable
squid	3.19-main	4.9-r0	None	possibly vulnerable
squid	3.19-main	4.8-r0	None	possibly vulnerable
squid	3.19-main	3.5.27-r2	None	possibly vulnerable
squid	3.18-main	5.9-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
squid	3.17-main	5.7-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages