{"uuid": "8e2ab248-adac-4c17-848b-d028ca800aad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46724", "type": "seen", "source": "https://t.me/arpsyndicate/588", "content": "#ExploitObserverAlert\n\nCVE-2023-46724\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-46724. Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.\n\nFIRST-EPSS: 0.003740000\nNVD-IS: 3.6\nNVD-ES: 3.9", "creation_timestamp": "2023-11-26T06:54:24.000000Z"}