1. Home
  2. Vulnerabilities
  3. CVE-2023-46848

CVE-2023-46848

CVSS v3.1 7.5 (High)
75% Progress
EPSS 1.36 % (87th)
1.36% Progress
Affected Products 5
Advisories 12
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.

Weaknesses
CWE-681
Incorrect Conversion between Numeric Types
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2023-11-03 08:15:08
(10 months ago)
Updated Date
2023-12-14 10:15:08
(9 months ago)

Affected Products

Redhat

Squid-cache

Configuration #1

    CPE23 From Up To
  Squid-cache Squid from 5.0.3 version and prior 6.4 version cpe:2.3:a:squid-cache:squid >= 5.0.3 < 6.4

Configuration #2

    CPE23 From Up To
  Redhat Enterprise Linux 9.0 cpe:2.3:o:redhat:enterprise_linux:9.0
  Redhat Enterprise Linux Eus 9.2 cpe:2.3:o:redhat:enterprise_linux_eus:9.2
  Redhat Enterprise Linux Server Aus 9.2 cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2
  Redhat Enterprise Linux Server Tus 9.2 cpe:2.3:o:redhat:enterprise_linux_server_tus:9.2