Lucene search

[email protected]NVD:CVE-2023-46848

HistoryNov 03, 2023 - 8:15 a.m.

CVE-2023-46848

2023-11-0308:15:08

CWE-681

[email protected]

web.nvd.nist.gov

squid

dos

vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.8 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.3%

JSON

Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.

Affected configurations

NVD

Node

squid-cachesquidRange5.0.3–6.4

Node

redhatenterprise_linuxMatch9.0

redhatenterprise_linux_eusMatch9.2

redhatenterprise_linux_server_ausMatch9.2

redhatenterprise_linux_server_tusMatch9.2

References

access.redhat.com/errata/RHSA-2023:6266

access.redhat.com/errata/RHSA-2023:6268

access.redhat.com/errata/RHSA-2023:6748

access.redhat.com/security/cve/CVE-2023-46848

bugzilla.redhat.com/show_bug.cgi?id=2245919

github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w

security.netapp.com/advisory/ntap-20231214-0005/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.8 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.3%

JSON

Related for NVD:CVE-2023-46848

prion1 redhatcve1 ubuntucve1 cvelist1 debiancve1 openvas6 cve1 osv5 alpinelinux1 veracode1 photon2 nessus13 mageia1 almalinux2 redhat3 f51 rocky1 oraclelinux2 redos1 ubuntu1 debian1