CVE-2023-46847

Updated: 2024-11-21 20:42:02.196684

Description:

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

AlmaLinux 9.2 ESU squid 5.5 7.5 HIGH In Testing 2024-11-27 11:54:48
CentOS 6 ELS squid 3.1.23 7.5 HIGH Released CLSA-2023:1700164396 2023-11-30 13:14:42
CentOS 6 ELS squid34 3.4.14 7.5 HIGH Released CLSA-2023:1701286463 2023-12-08 16:10:04
CentOS 8.4 ELS squid 4.11-4 7.5 HIGH Released CLSA-2023:1700211046 2023-11-17 04:09:16
CentOS 8.5 ELS squid 4.15-1 7.5 HIGH Released CLSA-2023:1700161280 2023-11-16 16:12:42
CloudLinux 6 ELS squid34 3.4.14 7.5 HIGH Released CLSA-2023:1701376570 2023-12-11 08:42:58
CloudLinux 6 ELS squid 3.1.23 7.5 HIGH Released CLSA-2023:1700164554 2023-11-30 13:14:41
Oracle Linux 6 ELS squid34 3.4.14 7.5 HIGH Released CLSA-2023:1701284898 2023-11-29 16:09:38
Oracle Linux 6 ELS squid 3.1.23 7.5 HIGH Released CLSA-2023:1700164647 2023-11-16 16:12:40
Ubuntu 16.04 ELS squid 3.5.12-1 7.5 HIGH Released CLSA-2023:1700161185 2023-11-16 16:12:43
Total: 11