CVE-2023-46847

Name
CVE-2023-46847
Description
Squid is vulnerable to a Denial of Service, where a remote attacker can perform a buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
NVD Severity
unknown

References

| Type | URI |
| --- | --- |
| MISC | https://access.redhat.com/errata/RHSA-2023:6266 |
| MISC | https://access.redhat.com/errata/RHSA-2023:6267 |
| MISC | https://access.redhat.com/security/cve/CVE-2023-46847 |
| MISC | https://access.redhat.com/errata/RHSA-2023:6268 |
| MISC | https://bugzilla.redhat.com/show_bug.cgi?id=2245916 |
| MISC | https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g |
| | https://access.redhat.com/errata/RHSA-2023:6748 |
| | https://access.redhat.com/errata/RHSA-2023:6801 |
| | https://access.redhat.com/errata/RHSA-2023:6803 |
| | https://access.redhat.com/errata/RHSA-2023:6804 |
| | https://access.redhat.com/errata/RHSA-2023:6805 |
| | https://access.redhat.com/errata/RHSA-2023:6810 |
| Third Party Advisory | https://access.redhat.com/errata/RHSA-2023:6882 |
| Third Party Advisory | https://access.redhat.com/errata/RHSA-2023:6884 |
| | https://access.redhat.com/errata/RHSA-2023:7213 |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2023:7576 |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2023:7578 |
| secalert@redhat.com | https://security.netapp.com/advisory/ntap-20231130-0002/ |
| secalert@redhat.com | https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:* | squid | >= 3.2.0.1 | < 6.4 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| squid | 3.18-main | 5.9-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| squid | 3.17-main | 5.7-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| squid | 3.15-main | 5.2-r1 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| squid | 3.16-main | 5.5-r1 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |