Lucene search

GoogleOSV:ALSA-2023:6748

HistoryNov 07, 2023 - 12:00 a.m.

Critical: squid security update

2023-11-0700:00:00

Google

osv.dev

squid

security

update

http

ftp

icap

denial of service

request/response smuggling

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

6.6 Medium

AI Score

Confidence

High

0.03 Low

EPSS

Percentile

91.0%

JSON

Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects.

Security Fix(es):

squid: Denial of Service in HTTP Digest Authentication (CVE-2023-46847)
squid: Request/Response smuggling in HTTP/1.1 and ICAP (CVE-2023-46846)
squid: denial of Service in FTP (CVE-2023-46848)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

access.redhat.com/errata/RHSA-2023:6748

access.redhat.com/security/cve/CVE-2023-46846

access.redhat.com/security/cve/CVE-2023-46847

access.redhat.com/security/cve/CVE-2023-46848

bugzilla.redhat.com/2245910

bugzilla.redhat.com/2245916

bugzilla.redhat.com/2245919

errata.almalinux.org/9/ALSA-2023-6748.html

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

6.6 Medium

AI Score

Confidence

High

0.03 Low

EPSS

Percentile

91.0%

JSON

Related for OSV:ALSA-2023:6748