Lucene search

[email protected]NVD:CVE-2023-46847

HistoryNov 03, 2023 - 8:15 a.m.

CVE-2023-46847

2023-11-0308:15:08

CWE-120

[email protected]

web.nvd.nist.gov

squid

buffer overflow

http digest authentication

denial of service

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

9.2 High

AI Score

Confidence

High

0.03 Low

EPSS

Percentile

91.0%

JSON

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

Affected configurations

NVD

Node

squid-cachesquidRange3.2.0.1–6.4

Node

redhatenterprise_linuxMatch8.0

redhatenterprise_linuxMatch9.0

redhatenterprise_linux_eusMatch8.6

redhatenterprise_linux_eusMatch8.8

redhatenterprise_linux_eusMatch9.0

redhatenterprise_linux_eusMatch9.2

redhatenterprise_linux_for_arm_64Match8.0_aarch64

redhatenterprise_linux_for_ibm_z_systemsMatch8.0_s390x

redhatenterprise_linux_for_power_little_endianMatch8.0_ppc64le

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch8.2

redhatenterprise_linux_server_ausMatch8.4

redhatenterprise_linux_server_ausMatch8.6

redhatenterprise_linux_server_ausMatch9.2

redhatenterprise_linux_server_tusMatch8.2

redhatenterprise_linux_server_tusMatch8.4

redhatenterprise_linux_server_tusMatch8.6

redhatenterprise_linux_server_tusMatch8.8

redhatenterprise_linux_server_tusMatch9.2

redhatenterprise_linux_workstationMatch7.0

References

access.redhat.com/errata/RHSA-2023:6266

access.redhat.com/errata/RHSA-2023:6267

access.redhat.com/errata/RHSA-2023:6268

access.redhat.com/errata/RHSA-2023:6748

access.redhat.com/errata/RHSA-2023:6801

access.redhat.com/errata/RHSA-2023:6803

access.redhat.com/errata/RHSA-2023:6804

access.redhat.com/errata/RHSA-2023:6805

access.redhat.com/errata/RHSA-2023:6810

access.redhat.com/errata/RHSA-2023:6882

access.redhat.com/errata/RHSA-2023:6884

access.redhat.com/errata/RHSA-2023:7213

access.redhat.com/errata/RHSA-2023:7576

access.redhat.com/errata/RHSA-2023:7578

access.redhat.com/security/cve/CVE-2023-46847

bugzilla.redhat.com/show_bug.cgi?id=2245916

github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g

lists.debian.org/debian-lts-announce/2024/01/msg00003.html

security.netapp.com/advisory/ntap-20231130-0002/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

9.2 High

AI Score

Confidence

High

0.03 Low

EPSS

Percentile

91.0%

JSON

Related for NVD:CVE-2023-46847

nessus36 redhat14 amazon2 cvelist1 cloudlinux2 veracode2 prion1 openvas10 debiancve1 ubuntucve1 alpinelinux1 osv12 centos1 oraclelinux7 redhatcve1 redos2 cve1 ubuntu2 almalinux4 rocky3 photon3 mageia1 f51 debian2