CVE-2023-46846

Updated: 2024-11-30 04:18:07.335715

Description:

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x MEDIUM 5.3

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU squid 5.5 5.3 MEDIUM Needs Triage 2024-11-25 11:46:30
CentOS 6 ELS squid 3.1.23 5.3 MEDIUM Ignored 2023-12-07 04:09:42
CentOS 6 ELS squid34 3.4.14 5.3 MEDIUM Ignored 2023-11-14 02:26:05
CentOS 8.4 ELS squid 4.11-4 5.3 MEDIUM Released CLSA-2023:1700211046 2023-11-17 04:09:17
CentOS 8.5 ELS squid 4.15-1 5.3 MEDIUM Released CLSA-2023:1700161280 2023-11-16 16:12:45
CloudLinux 6 ELS squid 3.1.23 5.3 MEDIUM Ignored 2023-12-07 04:09:42
CloudLinux 6 ELS squid34 3.4.14 5.3 MEDIUM Ignored 2023-11-14 02:26:05
Oracle Linux 6 ELS squid 3.1.23 5.3 MEDIUM Ignored 2023-12-07 04:09:42
Oracle Linux 6 ELS squid34 3.4.14 5.3 MEDIUM Ignored 2023-11-14 02:26:05
Ubuntu 16.04 ELS squid 3.5.12-1 5.3 MEDIUM Ignored 2023-12-07 04:09:42
Total: 11