Lucene search

K

Redhat.comRH:CVE-2023-46847

HistoryOct 27, 2023 - 8:57 a.m.

CVE-2023-46847

2023-10-2708:57:59

redhat.com

access.redhat.com

61

squid

vulnerability

buffer overflow

remote attacker

heap memory

http digest authentication

denial of service

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

7.3 High

AI Score

Confidence

High

0.03 Low

EPSS

Percentile

91.0%

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

References

bugzilla.redhat.com/show_bug.cgi?id=2245916

github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g

nvd.nist.gov/vuln/detail/CVE-2023-46847

www.cve.org/CVERecord?id=CVE-2023-46847

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

7.3 High

AI Score

Confidence

High

0.03 Low

EPSS

Percentile

91.0%

Related for RH:CVE-2023-46847

openvas10 nessus36 veracode2 prion1 amazon2 cloudlinux2 cvelist1 redhat14 osv12 centos1 oraclelinux7 alpinelinux1 nvd1 debiancve1 ubuntucve1 redos2 cve1 ubuntu2 almalinux4 rocky3 mageia1 photon3 f51 debian2