Lucene search

K

Ubuntu.comUB:CVE-2023-46848

HistoryNov 03, 2023 - 12:00 a.m.

CVE-2023-46848

2023-11-0300:00:00

ubuntu.com

ubuntu.com

11

squid

denial of service

ftp

http

dos

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

6.2 Medium

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.3%

Squid is vulnerable to Denial of Service, where a remote attacker can
perform DoS by sending ftp:// URLs in HTTP Request messages or constructing
ftp:// URLs from FTP Native input.

Bugs

Notes

Author	Note
mdeslaur	only affects 5.0.3+

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchsquid< 5.7-0ubuntu0.22.04.2UNKNOWN
ubuntu23.04noarchsquid< 5.7-1ubuntu3.1UNKNOWN
ubuntu23.10noarchsquid< 6.1-2ubuntu1.1UNKNOWN

References

github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w

launchpad.net/bugs/cve/CVE-2023-46848

lists.squid-cache.org/pipermail/squid-announce/2023-October/000157.html

megamansec.github.io/Squid-Security-Audit/ftp-assert.html

nvd.nist.gov/vuln/detail/CVE-2023-46848

security-tracker.debian.org/tracker/CVE-2023-46848

ubuntu.com/security/notices/USN-6500-1

www.cve.org/CVERecord?id=CVE-2023-46848

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

6.2 Medium

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.3%

Related for UB:CVE-2023-46848

prion1 redhatcve1 cvelist1 nvd1 debiancve1 osv5 openvas6 cve1 alpinelinux1 veracode1 photon2 nessus13 redhat3 mageia1 almalinux2 oraclelinux2 f51 rocky1 redos1 ubuntu1 debian1