8.6

CVE-2023-46847

Squid: denial of service in http digest authentication

Squid is vulnerable to a Denial of Service,  where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 85.94% 0.997
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
secalert@redhat.com 8.6 3.9 4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.

https://access.redhat.com/errata/RHSA-2023:6266
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6267
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6268
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6748
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6801
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6803
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6804
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6810
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7213
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html
https://security.netapp.com/advisory/ntap-20231130-0002/
https://access.redhat.com/errata/RHSA-2023:6805
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6882
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6884
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7576
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7578
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-46847
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2245916
Third Party Advisory
Issue Tracking
https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g
Vendor Advisory