[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250770

 
 

909

 
 

196157

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2023-46847Date: (C)2023-11-04   (M)2024-05-13


Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.5CVSS Score :
Exploit Score: 3.9Exploit Score:
Impact Score: 3.6Impact Score:
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector:
Attack Complexity: LOWAccess Complexity:
Privileges Required: NONEAuthentication:
User Interaction: NONEConfidentiality:
Scope: UNCHANGEDIntegrity:
Confidentiality: NONEAvailability:
Integrity: NONE 
Availability: HIGH 
  
Reference:
RHSA-2023:6748
RHSA-2023:6801
RHSA-2023:6803
RHSA-2023:6804
RHSA-2023:6805
RHSA-2023:6810
RHSA-2023:6882
RHSA-2023:6884
RHSA-2023:7213
RHSA-2023:7576
RHSA-2023:7578
https://access.redhat.com/errata/RHSA-2023:6266
https://access.redhat.com/errata/RHSA-2023:6267
https://access.redhat.com/errata/RHSA-2023:6268
https://access.redhat.com/security/cve/CVE-2023-46847
https://bugzilla.redhat.com/show_bug.cgi?id=2245916
https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g
https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html
https://security.netapp.com/advisory/ntap-20231130-0002/

CWE    1
CWE-120
OVAL    36
oval:org.secpod.oval:def:97773
oval:org.secpod.oval:def:1601850
oval:org.secpod.oval:def:1701886
oval:org.secpod.oval:def:97766
...

© SecPod Technologies