CVE-2023-5824

CVE-2023-5824

Name

CVE-2023-5824

Description

A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://bugzilla.redhat.com/show_bug.cgi?id=2245914
MISC	https://access.redhat.com/security/cve/CVE-2023-5824
MISC	https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255
	https://access.redhat.com/errata/RHSA-2023:7465
secalert@redhat.com	https://security.netapp.com/advisory/ntap-20231130-0003/
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2023:7668
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:0072
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:0397
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:0771
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:0772
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:0773
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:1153
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/09/msg00027.html

Type

URI

MISC

https://bugzilla.redhat.com/show_bug.cgi?id=2245914

MISC

https://access.redhat.com/security/cve/CVE-2023-5824

MISC

https://github.com/squid-cache/squid/security/advisories/GHSA-543m-w2m2-g255

https://access.redhat.com/errata/RHSA-2023:7465

secalert@redhat.com

https://security.netapp.com/advisory/ntap-20231130-0003/

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7668

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0072

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0397

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0771

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0772

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0773

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:1153

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/09/msg00027.html

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:squid-cache:squid::::::::`	squid	>= None	< 6.4

CPE URI

Source package

Min version

Max version

cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*

squid

>= None

< 6.4

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
squid	edge-main	6.1-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
squid	edge-main	5.7-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
squid	edge-main	5.2-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
squid	edge-main	5.0.6-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
squid	edge-main	5.0.5-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
squid	edge-main	4.13.0-r0	None	possibly vulnerable
squid	edge-main	4.12.0-r0	None	possibly vulnerable
squid	edge-main	4.10-r0	None	possibly vulnerable
squid	edge-main	4.9-r0	None	possibly vulnerable
squid	edge-main	4.8-r0	None	possibly vulnerable
squid	edge-main	3.5.27-r2	None	possibly vulnerable
squid	3.22-main	6.1-r0	None	possibly vulnerable
squid	3.22-main	5.7-r0	None	possibly vulnerable
squid	3.22-main	5.2-r0	None	possibly vulnerable
squid	3.22-main	5.0.6-r0	None	possibly vulnerable
squid	3.22-main	5.0.5-r0	None	possibly vulnerable
squid	3.22-main	4.13.0-r0	None	possibly vulnerable
squid	3.22-main	4.12.0-r0	None	possibly vulnerable
squid	3.22-main	4.10-r0	None	possibly vulnerable
squid	3.22-main	4.9-r0	None	possibly vulnerable
squid	3.22-main	4.8-r0	None	possibly vulnerable
squid	3.22-main	3.5.27-r2	None	possibly vulnerable
squid	3.21-main	6.1-r0	None	possibly vulnerable
squid	3.21-main	5.7-r0	None	possibly vulnerable
squid	3.21-main	5.2-r0	None	possibly vulnerable
squid	3.21-main	5.0.6-r0	None	possibly vulnerable
squid	3.21-main	5.0.5-r0	None	possibly vulnerable
squid	3.21-main	4.13.0-r0	None	possibly vulnerable
squid	3.21-main	4.12.0-r0	None	possibly vulnerable
squid	3.21-main	4.10-r0	None	possibly vulnerable
squid	3.21-main	4.9-r0	None	possibly vulnerable
squid	3.21-main	4.8-r0	None	possibly vulnerable
squid	3.21-main	3.5.27-r2	None	possibly vulnerable
squid	3.20-main	6.1-r0	None	possibly vulnerable
squid	3.20-main	5.7-r0	None	possibly vulnerable
squid	3.20-main	5.2-r0	None	possibly vulnerable
squid	3.20-main	5.0.6-r0	None	possibly vulnerable
squid	3.20-main	5.0.5-r0	None	possibly vulnerable
squid	3.20-main	4.13.0-r0	None	possibly vulnerable
squid	3.20-main	4.12.0-r0	None	possibly vulnerable
squid	3.20-main	4.10-r0	None	possibly vulnerable
squid	3.20-main	4.9-r0	None	possibly vulnerable
squid	3.20-main	4.8-r0	None	possibly vulnerable
squid	3.20-main	3.5.27-r2	None	possibly vulnerable
squid	3.19-main	6.1-r0	None	possibly vulnerable
squid	3.19-main	5.7-r0	None	possibly vulnerable
squid	3.19-main	5.2-r0	None	possibly vulnerable
squid	3.19-main	5.0.6-r0	None	possibly vulnerable
squid	3.19-main	5.0.5-r0	None	possibly vulnerable
squid	3.19-main	4.13.0-r0	None	possibly vulnerable
squid	3.19-main	4.12.0-r0	None	possibly vulnerable
squid	3.19-main	4.10-r0	None	possibly vulnerable
squid	3.19-main	4.9-r0	None	possibly vulnerable
squid	3.19-main	4.8-r0	None	possibly vulnerable
squid	3.19-main	3.5.27-r2	None	possibly vulnerable
squid	3.18-main	5.9-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
squid	3.17-main	5.7-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages