vulnerability

Debian: CVE-2023-46728: squid -- security update

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

Nov 6, 2023

Added

May 15, 2025

Modified

Mar 30, 2026

Description

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.

Solution

debian-upgrade-squid

References

CVE-2023-46728
https://attackerkb.com/topics/CVE-2023-46728
CWE-476
DEBIAN-DLA-4312-1
EUVD-EUVD-2023-50910
https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-50910

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report