Vulnerabilities > CVE-2023-5824 - Improper Handling of Exceptional Conditions vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
squid-cache
redhat
CWE-755

Summary

A flaw was found in Squid. The limits applied for validation of HTTP response headers are applied before caching. However, Squid may grow a cached HTTP response header beyond the configured maximum size, causing a stall or crash of the worker process when a large header is retrieved from the disk cache, resulting in a denial of service.

Vulnerable Configurations

Part Description Count
Application
Squid-Cache
280
OS
Redhat
4