Description: a) Due to an Incorrect Conversion between Numeric Types bug Squid is vulnerable to a Denial of Service attack against FTP Native Relay input validation. b) Due to an Incorrect Conversion between Numeric Types bug Squid is vulnerable to a Denial of Service attack against ftp:// URL validation and access control. Reference: https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w Affected versions: 5.0.3-5.9, 6.0-6.3
Created squid tracking bugs for this issue: Affects: fedora-all [bug 2245920]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6266 https://access.redhat.com/errata/RHSA-2023:6266
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:6268 https://access.redhat.com/errata/RHSA-2023:6268
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:6748 https://access.redhat.com/errata/RHSA-2023:6748
Heya rob, could you drop an NVD email as to why the CVSS scope is marked as Changed?