CVE-2023-46847

Published: 03/11/2023 Updated: 16/02/2024
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Squid is vulnerable to a Denial of Service, where a remote attacker can perform a buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

Vulnerable Product

squid-cache squid

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

redhat enterprise linux 8.0

redhat enterprise linux server tus 8.2

redhat enterprise linux server aus 8.2

redhat enterprise linux server tus 8.4

redhat enterprise linux server aus 8.4

redhat enterprise linux server aus 8.6

redhat enterprise linux server tus 8.6

redhat enterprise linux eus 8.6

redhat enterprise linux 9.0

redhat enterprise linux eus 9.0

redhat enterprise linux server tus 8.8

redhat enterprise linux eus 8.8

redhat enterprise linux server aus 9.2

redhat enterprise linux eus 9.2

redhat enterprise linux for power little endian 8.0_ppc64le

redhat enterprise linux for ibm z systems 8.0_s390x

redhat enterprise linux for arm 64 8.0_aarch64

redhat enterprise linux server tus 9.2

Vendor Advisories

Debian Bug report logs - #1055250 squid: CVE-2023-46847: SQUID-2023:3 Denial of Service in HTTP Digest Authentication Package: squid; Maintainer for squid is Luigi Gangitano <luigi@debianorg>; Source for squid is src:squid (PTS, buildd, popcon) Reported by: Andras Korn <korn-debbugs@elanrulezorg> Date: Wed, 25 Oct ...
Synopsis: Critical: squid:4 security update. Type/Severity: Security Advisory: Critical. Topic: An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as ...
Synopsis: Critical: squid:4 security update. Type/Severity: Security Advisory: Critical. Topic: An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as ...
Synopsis: Critical: squid security update. Type/Severity: Security Advisory: Critical. Topic: An update for squid is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this ...
Synopsis: Critical: squid security update. Type/Severity: Security Advisory: Critical. Topic: An update for squid is now available for Red Hat Enterprise Linux 7.6 Advanced Update Support. Red Hat Product Security has rated this ...
Synopsis: Critical: squid security update. Type/Severity: Security Advisory: Critical. Topic: An update for squid is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Red Hat Product Security has rated this update a ...
Synopsis: Critical: squid security update. Type/Severity: Security Advisory: Critical. Topic: An update for squid is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has r ...
Synopsis: Critical: squid security update. Type/Severity: Security Advisory: Critical. Topic: An update for squid is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a securi ...
Check Point Reference: CPAI-2023-1531 Date Published: 18 Feb 2024 Severity: High ...