Lucene search
F5F5:K000137864HistoryDec 11, 2023 - 12:00 a.m.
K000137864 : Squid vulnerabilities CVE-2023-46846, CVE-2023-46847, CVE-2023-46848
2023-12-1100:00:00
my.f5.com
28
squid
http
request smuggling
dos
vulnerabilities
buffer overflow
remote attacker
security advisory
Security Advisory Description
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
Impact
There is no impact; F5 products are not affected by this vulnerability.
Related
redhat
redhat
(RHSA-2023:6268) Critical: squid security update
2023-11-02 09:34:15
(RHSA-2023:6266) Critical: squid security update
2023-11-02 09:25:23
(RHSA-2023:6748) Critical: squid security update
2023-11-07 10:08:53
oraclelinux
oraclelinux
squid security update
2023-11-03 00:00:00
squid security update
2023-11-16 00:00:00
squid:4 security update
2023-11-22 00:00:00
nessus
nessus
Oracle Linux 9 : squid (ELSA-2023-6748)
2023-11-16 00:00:00
AlmaLinux 9 : squid (ALSA-2023:6266)
2023-11-03 00:00:00
RHEL 9 : squid (RHSA-2023:6748)
2023-11-07 00:00:00
almalinux
almalinux
Critical: squid security update
2023-11-02 00:00:00
Critical: squid security update
2023-11-07 00:00:00
Critical: squid:4 security update
2023-11-02 00:00:00
osv
osv
Critical: squid security update
2023-11-02 00:00:00
Critical: squid security update
2023-11-07 00:00:00
Critical: squid security update
2023-11-11 23:00:06
rocky
rocky
squid security update
2023-11-11 23:00:06
squid:4 security update
2023-11-28 22:43:02
squid:4 security update
2023-11-11 22:59:08
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0315)
2023-11-10 00:00:00
openSUSE: Security Advisory for squid (SUSE-SU-2023:4380-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:4381-1)
2023-11-07 00:00:00
mageia
mageia
Updated squid packages fix security vulnerabilities
2023-11-10 02:37:11
redos
redos
ROS-20231115-01
2023-11-15 00:00:00
ROS-20240521-02
2024-05-21 00:00:00
ubuntu
ubuntu
Squid vulnerabilities
2023-11-21 00:00:00
Squid vulnerabilities
2023-12-11 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2477
2024-09-25 09:36:11
ubuntucve
ubuntucve
redhatcve
redhatcve
debian
debian
[SECURITY] [DLA 3709-2] squid regression update
2024-01-22 18:56:25
[SECURITY] [DLA 3709-1] squid security update
2024-01-09 00:08:19
[SECURITY] [DSA 5637-1] squid security update
2024-03-08 14:36:16
prion
prion
Design/Logic Flaw
2023-11-03 08:15:00
Buffer overflow
2023-11-03 08:15:00
Input validation
2023-11-03 08:15:00
cvelist
cvelist
CVE-2023-46846 Squid: request/response smuggling in http/1.1 and icap
2023-11-03 07:33:16
CVE-2023-46847 Squid: denial of service in http digest authentication
2023-11-03 07:58:05
CVE-2023-46848 Squid: denial of service in ftp
2023-11-03 07:58:05
debiancve
debiancve
veracode
veracode
HTTP Request Smuggling
2023-11-12 18:41:49
Denial Of Service (DoS)
2023-11-12 18:41:45
Denial Of Service (DoS)
2023-11-23 11:24:39
amazon
amazon
Important: squid
2024-04-25 16:04:00
Critical: squid
2023-10-25 21:15:00
Important: squid
2024-03-27 21:32:00
alpinelinux
alpinelinux
centos
centos
squid security update
2024-01-12 19:20:23
cloudlinux
cloudlinux
squid: Fix of CVE-2023-46847
2023-11-16 19:53:20
squid34: Fix of CVE-2023-46847
2023-11-29 19:34:27
cve
cve
nvd
nvd
photon
photon
Important Photon OS Security Update - PHSA-2023-3.0-0698
2023-12-10 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0689
2023-11-21 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0154
2023-11-24 00:00:00