CVE-2023-46847

EPSS 50.11%
Veröffentlicht 03.11.2023 08:15:08
Zuletzt bearbeitet 21.11.2024 08:29:25
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

Squid is vulnerable to a Denial of Service,  where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 22

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Squid-cache ≫ Squid Version >= 3.2.0.1 < 6.4

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Enterprise Linux Eus Version8.6

Redhat ≫ Enterprise Linux Eus Version8.8

Redhat ≫ Enterprise Linux Eus Version9.0

Redhat ≫ Enterprise Linux Eus Version9.2

Redhat ≫ Enterprise Linux For Arm 64 Version8.0_aarch64

Redhat ≫ Enterprise Linux For Ibm Z Systems Version8.0_s390x

Redhat ≫ Enterprise Linux For Power Little Endian Version8.0_ppc64le

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version8.2

Redhat ≫ Enterprise Linux Server Aus Version8.4

Redhat ≫ Enterprise Linux Server Aus Version8.6

Redhat ≫ Enterprise Linux Server Aus Version9.2

Redhat ≫ Enterprise Linux Server Tus Version8.2

Redhat ≫ Enterprise Linux Server Tus Version8.4

Redhat ≫ Enterprise Linux Server Tus Version8.6

Redhat ≫ Enterprise Linux Server Tus Version8.8

Redhat ≫ Enterprise Linux Server Tus Version9.2

Redhat ≫ Enterprise Linux Workstation Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	50.11%	0.978

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
secalert@redhat.com	8.6	3.9	4.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://access.redhat.com/errata/RHSA-2023:6266

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:6267

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:6268

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:6748

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:6801

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:6803

Third Party Advisory