CVSS3: 8.6 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
AI Score: 8.3 High (Confidence: High)
EPSS: 0.03 Low (Percentile: 91.0%)
Squid is vulnerable to a Denial of Service (DoS). A remote attacker can trigger a buffer overflow that writes up to 2 MB of arbitrary data to heap memory. The flaw is exposed specifically when Squid is configured to accept HTTP Digest Authentication. Buffer overflow attacks can lead to unauthorized access, code execution, or other security compromises.
access.redhat.com/errata/RHSA-2023:6266
access.redhat.com/errata/RHSA-2023:6267
access.redhat.com/errata/RHSA-2023:6268
access.redhat.com/errata/RHSA-2023:6748
access.redhat.com/errata/RHSA-2023:6801
access.redhat.com/errata/RHSA-2023:6803
access.redhat.com/errata/RHSA-2023:6804
access.redhat.com/errata/RHSA-2023:6805
access.redhat.com/errata/RHSA-2023:6810
access.redhat.com/errata/RHSA-2023:6882
access.redhat.com/errata/RHSA-2023:6884
access.redhat.com/errata/RHSA-2023:7213
access.redhat.com/errata/RHSA-2023:7576
access.redhat.com/errata/RHSA-2023:7578
access.redhat.com/security/cve/CVE-2023-46847
bugzilla.redhat.com/show_bug.cgi?id=2245916
github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g
lists.debian.org/debian-lts-announce/2024/01/msg00003.html
security-tracker.debian.org/tracker/CVE-2023-46847
security.netapp.com/advisory/ntap-20231130-0002/