CVE-2023-46847

CVSS v3.1 7.5 (High)
EPSS 3.02% (91st)
Affected Products 10
Advisories 24

Squid is vulnerable to a denial of service: when Squid is configured to accept HTTP Digest Authentication, a remote attacker can perform a buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory.

Weaknesses
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2023-11-03 08:15:08
(10 months ago)
Updated Date
2024-02-16 15:22:41
(7 months ago)

Affected Products


Configuration #1

| Product | CPE23 | From | Up To |
| --- | --- | --- | --- |
| Squid-cache Squid from version 3.2.0.1 and prior to version 6.4 | cpe:2.3:a:squid-cache:squid | >= 3.2.0.1 | < 6.4 |

Configuration #2

| Product | CPE23 | From | Up To |
| --- | --- | --- | --- |
| Redhat Enterprise Linux 8.0 | cpe:2.3:o:redhat:enterprise_linux:8.0 | | |
| Redhat Enterprise Linux 9.0 | cpe:2.3:o:redhat:enterprise_linux:9.0 | | |
| Redhat Enterprise Linux Eus 8.6 | cpe:2.3:o:redhat:enterprise_linux_eus:8.6 | | |
| Redhat Enterprise Linux Eus 8.8 | cpe:2.3:o:redhat:enterprise_linux_eus:8.8 | | |
| Redhat Enterprise Linux Eus 9.0 | cpe:2.3:o:redhat:enterprise_linux_eus:9.0 | | |
| Redhat Enterprise Linux Eus 9.2 | cpe:2.3:o:redhat:enterprise_linux_eus:9.2 | | |
| Redhat Enterprise Linux for Arm 64 8.0 Aarch64 | cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64 | | |
| Redhat Enterprise Linux for Ibm Z Systems 8.0 S390x | cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x | | |
| Redhat Enterprise Linux for Power Little Endian 8.0 Ppc64le | cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le | | |
| Redhat Enterprise Linux Server 7.0 | cpe:2.3:o:redhat:enterprise_linux_server:7.0 | | |
| Redhat Enterprise Linux Server Aus 8.2 | cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2 | | |
| Redhat Enterprise Linux Server Aus 8.4 | cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4 | | |
| Redhat Enterprise Linux Server Aus 8.6 | cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6 | | |
| Redhat Enterprise Linux Server Aus 9.2 | cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2 | | |
| Redhat Enterprise Linux Server Tus 8.2 | cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2 | | |
| Redhat Enterprise Linux Server Tus 8.4 | cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4 | | |
| Redhat Enterprise Linux Server Tus 8.6 | cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6 | | |
| Redhat Enterprise Linux Server Tus 8.8 | cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8 | | |
| Redhat Enterprise Linux Server Tus 9.2 | cpe:2.3:o:redhat:enterprise_linux_server_tus:9.2 | | |
| Redhat Enterprise Linux Workstation 7.0 | cpe:2.3:o:redhat:enterprise_linux_workstation:7.0 | | |