CVE-2023-46728: CWE-476: NULL Pointer Dereference in squid-cache squid
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug, Squid is vulnerable to a denial-of-service attack against its Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses that trigger this bug can be received from any gopher server, even one without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.
AI Analysis
Technical Summary
CVE-2023-46728 is a vulnerability identified in the Squid caching proxy software, specifically affecting versions prior to 6.0.1. Squid supports multiple protocols including HTTP, HTTPS, FTP, and Gopher. The vulnerability arises from a NULL pointer dereference within Squid's Gopher gateway implementation, classified under CWE-476. This bug can be triggered remotely without authentication or user interaction by sending specially crafted Gopher protocol responses to the proxy. Because Gopher support is enabled by default in affected versions, any Gopher server response—even from non-malicious servers—can cause Squid to dereference a NULL pointer, leading to a crash and resulting in a denial of service (DoS). The impact is limited to availability; confidentiality and integrity are not affected. The vulnerability has a CVSS 3.1 base score of 7.5, reflecting high severity due to network attack vector, low attack complexity, and no privileges or user interaction required. Squid 6.0.1 addresses this issue by removing Gopher support entirely, eliminating the attack surface. For users who cannot upgrade immediately, the recommended mitigation is to reject all Gopher URL requests to prevent triggering the bug. No exploits have been reported in the wild so far, but the vulnerability's characteristics make it a credible threat to proxy availability.
Potential Impact
For European organizations, the primary impact of CVE-2023-46728 is the potential for denial of service on Squid proxy servers, which are widely used for web caching, content filtering, and access control. Disruption of Squid services can degrade network performance, interrupt user access to web resources, and impact business continuity. This is particularly critical for organizations relying on Squid proxies as a central component of their network infrastructure, including ISPs, educational institutions, government agencies, and enterprises. Since the vulnerability can be triggered remotely without authentication, attackers can cause service outages with minimal effort. Although no data confidentiality or integrity loss occurs, availability degradation can lead to operational disruptions and increased support costs. European organizations with strict uptime requirements or regulatory obligations for service availability must address this vulnerability promptly. The removal of Gopher support in newer versions also reduces attack surface, but legacy systems remain at risk if not updated or properly configured.
Mitigation Recommendations
1. Upgrade Squid to version 6.0.1 or later, which removes Gopher support and fixes the vulnerability.
2. If immediate upgrade is not feasible, configure Squid to reject or block all Gopher protocol URL requests to prevent triggering the NULL pointer dereference. This can be done by adjusting access control lists (ACLs) or filtering rules to deny gopher:// URLs.
3. Monitor network traffic for unusual Gopher protocol requests or spikes that could indicate exploitation attempts.
4. Implement network-level filtering to block outbound and inbound Gopher traffic where it is not required, reducing exposure.
5. Regularly audit proxy configurations and logs to detect potential crashes or service interruptions related to this vulnerability.
6. Plan for timely patch management and vulnerability scanning to identify and remediate outdated Squid installations.
7. Educate network administrators about the risks associated with legacy protocols like Gopher and the importance of disabling unused services.

These targeted steps go beyond generic advice by focusing on protocol-specific controls and operational monitoring.
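An audit sketch for recommendations 2, 3 and 5, added here as an example and not taken from the Squid project or this advisory: it checks that a `squid.conf` denies the gopher protocol before any `http_access allow` rule can match (Squid applies the first matching rule), and lists `gopher://` requests found in native-format `access.log` lines. The ACL name `gopher_urls`, the sample configurations and the log lines are constructed; the ordering check is deliberately conservative and treats any earlier allow rule as a failure.

```python
# Added example; configs and log lines below are constructed samples.
WEAK_CONF = """\
acl localnet src 10.0.0.0/8
http_access allow localnet
http_access deny all
"""
HARDENED_CONF = """\
acl localnet src 10.0.0.0/8
acl gopher_urls proto gopher    # hypothetical ACL name
http_access deny gopher_urls
http_access allow localnet
http_access deny all
"""
SAMPLE_LOG = [
    "1699000000.123     45 10.0.0.5 TCP_MISS/200 1024 GET http://example.com/ - HIER_DIRECT/192.0.2.10 text/html",
    "1699000001.456     12 10.0.0.9 TCP_DENIED/403 3900 GET gopher://gopher.example.net/1/ - HIER_NONE/- text/html",
]

def gopher_denied_first(conf_text):
    """True if 'http_access deny <gopher proto ACL>' precedes every allow rule."""
    gopher_acls = set()
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()          # drop comments, tokenize
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "proto":
            if any(v.lower() == "gopher" for v in tok[3:]):
                gopher_acls.add(tok[1])
        elif len(tok) >= 3 and tok[0] == "http_access":
            action, conds = tok[1], tok[2:]
            # A deny whose only conditions are gopher ACLs matches every gopher URL.
            if action == "deny" and all(c in gopher_acls for c in conds):
                return True
            # First match wins: an earlier allow could let a gopher URL through.
            if action == "allow":
                return False
    return False

def gopher_requests(log_lines):
    """Return (client, result/status, url) for each gopher:// request logged."""
    hits = []
    for line in log_lines:
        f = line.split()
        # Native format: time elapsed client code/status bytes method URL ...
        if len(f) >= 7 and f[6].lower().startswith("gopher://"):
            hits.append((f[2], f[3], f[6]))
    return hits

if __name__ == "__main__":
    print("weak config denies gopher first:", gopher_denied_first(WEAK_CONF))
    print("hardened config denies gopher first:", gopher_denied_first(HARDENED_CONF))
    print("gopher requests:", gopher_requests(SAMPLE_LOG))
```

On a pre-6.0.1 proxy, a `gopher://` entry whose result code is anything other than `TCP_DENIED` means the workaround is not in effect for that request path.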
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2023-10-25T14:30:33.751Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6908f50bf612d110fe9cbe5c
Added to database: 11/3/2025, 6:31:39 PM
Last enriched: 11/3/2025, 6:47:50 PM
Last updated: 11/6/2025, 9:10:12 AM