Squid Use After Free Vulnerability - CVE-2023-49288

Squid is a caching proxy for the Web supporting HTTP HTTPS FTP and more. Affected versions of squid are subject to a a Use-After-Free bug which can lead to a Denial of Service attack via collapsed forwarding. All versions of Squid from 3.5 up to and including 5.9 configured with quotcollapsed_forwarding onquot are vulnerable. Configurations with quotcollapsed_forwarding offquot or without a quotcollapsed_forwardingquot directive are not vulnerable. This bug is fixed by Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should remove all collapsed_forwarding lines from their squid.conf.