8.6
CVE-2023-46848
- EPSS 8.23%
- Veröffentlicht 03.11.2023 08:15:08
- Zuletzt bearbeitet 21.11.2024 08:29:25
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Squid-cache ≫ Squid Version >= 5.0.3 < 6.4
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Eus Version9.2
Redhat ≫ Enterprise Linux Server Aus Version9.2
Redhat ≫ Enterprise Linux Server Tus Version9.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.23% | 0.919 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| secalert@redhat.com | 8.6 | 3.9 | 4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
|
CWE-681 Incorrect Conversion between Numeric Types
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.