CVE-2023-5824

Summary

A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 88090020231130092412.a75119d5 < *unaffected
Red HatRed Hat Enterprise Linux 8.2 Advanced Update Support8020020240122164331.4cda2c84 < *unaffected
Red HatRed Hat Enterprise Linux 8.2 Telecommunications Update Service8020020240122164331.4cda2c84 < *unaffected
Red HatRed Hat Enterprise Linux 8.2 Update Services for SAP Solutions8020020240122164331.4cda2c84 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support8040020240122165847.522a0ee4 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Telecommunications Update Service8040020240122165847.522a0ee4 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Update Services for SAP Solutions8040020240122165847.522a0ee4 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Extended Update Support8060020231222131040.ad008a3a < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Extended Update Support8080020231222130009.63b34585 < *unaffected
Red HatRed Hat Enterprise Linux 97:5.5-6.el9_3.2 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Extended Update Support7:5.2-1.el9_0.4 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Extended Update Support7:5.5-5.el9_2.3 < *unaffected

Weaknesses

  • CWE-755: Improper Handling of Exceptional Conditions

Workarounds

Disabling the disk caching mechanism will mitigate this vulnerability. To achieve this, remove all the 'cache_dir' directives from the Squid configuration, typically in the /etc/squid/squid.conf file.

ADP Enrichment

CVE Program Container

Additional References

References