CVE-2023-46847
03.11.2023, 08:15
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
| Vendor | Product | Version |
|---|---|---|
| squid-cache | squid | 3.2.0.1 ≤ 𝑥 < 6.4 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux_eus | 8.6 |
| redhat | enterprise_linux_eus | 8.8 |
| redhat | enterprise_linux_eus | 9.0 |
| redhat | enterprise_linux_eus | 9.2 |
| redhat | enterprise_linux_for_arm_64 | 8.0_aarch64:_aarch64 |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x:_s390x |
| redhat | enterprise_linux_for_power_little_endian | 8.0_ppc64le:_ppc64le |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_aus | 8.2 |
| redhat | enterprise_linux_server_aus | 8.4 |
| redhat | enterprise_linux_server_aus | 8.6 |
| redhat | enterprise_linux_server_aus | 9.2 |
| redhat | enterprise_linux_server_tus | 8.2 |
| redhat | enterprise_linux_server_tus | 8.4 |
| redhat | enterprise_linux_server_tus | 8.6 |
| redhat | enterprise_linux_server_tus | 8.8 |
| redhat | enterprise_linux_server_tus | 9.2 |
| redhat | enterprise_linux_workstation | 7.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| squid |
| ||||||||||||||
| squid3 |
|
References