Lucene search

[email protected]CVE-2023-46848

HistoryNov 03, 2023 - 8:15 a.m.

CVE-2023-46848

2023-11-0308:15:08

CWE-681

[email protected]

web.nvd.nist.gov

124

squid

cve

2023

46848

dos

vulnerability

nvd

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.3%

JSON

Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.

Affected configurations

NVD

Node

squid-cachesquidRange5.0.3–6.4

Node

redhatenterprise_linuxMatch9.0

redhatenterprise_linux_eusMatch9.2

redhatenterprise_linux_server_ausMatch9.2

redhatenterprise_linux_server_tusMatch9.2

CPENameOperatorVersion
squid-cache:squidsquid-cache squidlt6.4

CPE	Name	Operator	Version
squid-cache:squid	squid-cache squid	lt	6.4

CNA Affected

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "squid",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "7:5.5-5.el9_2.1",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "squid",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "7:5.5-6.el9_3.1",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "squid",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "7:5.2-1.el9_0.3",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:9.0::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "squid",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "squid",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "squid:4/squid",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  }
]