Bug 2248521 (CVE-2023-46728)

Summary: CVE-2023-46728 squid: NULL pointer dereference in the gopher protocol code
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: squid 6.0.1 Doc Type: ---
Doc Text:
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid. This issue may lead to a remote denial of service via gopher URL requests.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2250230, 2250231, 2250229    
Bug Blocks: 2248523    

Description Pedro Sampaio 2023-11-07 14:20:18 UTC
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.

References:

https://github.com/squid-cache/squid/commit/6ea12e8fb590ac6959e9356a81aa3370576568c3
https://github.com/squid-cache/squid/security/advisories/GHSA-cg5h-v6vc-w33f

Comment 2 Sandipan Roy 2023-11-17 07:10:57 UTC
Created clustal-omega tracking bugs for this issue:

Affects: epel-all [bug 2250231]
Affects: fedora-all [bug 2250230]


Created squid tracking bugs for this issue:

Affects: fedora-all [bug 2250229]

Comment 4 errata-xmlrpc 2024-01-03 21:05:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2024:0046 https://access.redhat.com/errata/RHSA-2024:0046

Comment 5 errata-xmlrpc 2024-01-08 08:19:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:0072 https://access.redhat.com/errata/RHSA-2024:0072

Comment 6 errata-xmlrpc 2024-01-08 08:19:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2024:0071 https://access.redhat.com/errata/RHSA-2024:0071

Comment 7 errata-xmlrpc 2024-01-24 12:22:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:0397 https://access.redhat.com/errata/RHSA-2024:0397

Comment 8 errata-xmlrpc 2024-02-12 08:35:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2024:0772 https://access.redhat.com/errata/RHSA-2024:0772

Comment 9 errata-xmlrpc 2024-02-12 08:37:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:0773 https://access.redhat.com/errata/RHSA-2024:0773

Comment 10 errata-xmlrpc 2024-02-12 08:39:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0771 https://access.redhat.com/errata/RHSA-2024:0771

Comment 11 errata-xmlrpc 2024-03-05 18:00:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:1153 https://access.redhat.com/errata/RHSA-2024:1153

Comment 14 errata-xmlrpc 2024-04-11 16:43:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2024:1787 https://access.redhat.com/errata/RHSA-2024:1787