
Debian: Apache Critical RCE DoS Security Patch DLA-4312-1 CVE-2023-5825

debian lts
September 27, 2025
Three security flaws in Squid proxy, leading to RCE and denial of service. Upgrade recommended for Debian users.
Three security issues were discovered in the Squid proxy caching server, which could result in the execution of arbitrary code, information disclosure or denial of service.

Summary

CVE-2023-5824

A flaw was found in Squid. The limits applied for validation of HTTP
response headers are applied before caching. However,
Squid may grow a cached HTTP response header beyond the configured
maximum size, causing a stall or crash of the worker process when a
large header is retrieved from the disk cache, resulting in a denial
of service.

CVE-2023-46728

Due to a NULL pointer dereference bug, Squid is vulnerable to a
denial of service attack against Squid's Gopher gateway.
The obsolete Gopher protocol, even if non-functional,
was always available and enabled.
Responses triggering this bug can be received
from any Gopher server, even those without malicious intent.
Gopher support (already non-functional) has been removed to fix
this CVE.
Note that Gopher was deprecated and major browsers removed it
a long time ago.

CVE-2025-54574

Squid is vulnerable to a heap buffer overflow and possible remote



Severity: important

Package: squid
Version: 4.13-10+deb11u5
CVE ID: CVE-2023-5824 CVE-2023-46728 CVE-2025-54574
Debian Bug: 1055249
