Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-46847

Опубликовано: 03 нояб. 2023
Источник: nvd
CVSS3: 8.6
CVSS3: 7.5
EPSS Средний

Описание

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*
Версия от 3.2.0.1 (включая) до 6.4 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 98%
0.50113
Средний

8.6 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-120
CWE-120

Связанные уязвимости

ubuntu логотип

CVE-2023-46847

CVSS3: 8.6
ubuntu
больше 1 года назад

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

redhat логотип

CVE-2023-46847

CVSS3: 8.6
redhat
больше 1 года назад

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

debian логотип

CVE-2023-46847

CVSS3: 8.6
debian
больше 1 года назад

Squid is vulnerable to a Denial of Service, where a remote attacker c ...

oracle-oval логотип

ELSA-2023-6884

oracle-oval
больше 1 года назад

ELSA-2023-6884: squid security update (CRITICAL)

oracle-oval логотип

ELSA-2023-6882

oracle-oval
больше 1 года назад

ELSA-2023-6882: squid34 security update (CRITICAL)

EPSS

Процентиль: 98%
0.50113
Средний

8.6 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-120
CWE-120