CVE-2023-46848 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
redhat	CNA	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 93%

Affected Products (NVD)

Vendor	Product	Version
squid-cache	squid	5.0.3 ≤ 𝑥 < 6.4
redhat	enterprise_linux	9.0
redhat	enterprise_linux_eus	9.2
redhat	enterprise_linux_server_aus	9.2
redhat	enterprise_linux_server_tus	9.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

squid

bookworm	5.7-2+deb12u2 fixed
bookworm (security)	5.7-2+deb12u2 fixed
bullseye	4.13-10+deb11u3 not-affected
bullseye (security)	4.13-10+deb11u3 fixed
buster	not-affected
sid	6.12-1 fixed
trixie	6.12-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

squid

bionic	ignored
focal	not-affected
jammy	Fixed 5.7-0ubuntu0.22.04.2 released
lunar	Fixed 5.7-1ubuntu3.1 released
mantic	Fixed 6.1-2ubuntu1.1 released
trusty	ignored
xenial	ignored

squid3

bionic	not-affected
focal	dne
jammy	dne
lunar	dne
mantic	dne
trusty	ignored
xenial	not-affected

Common Weakness Enumeration

CWE-681 - Incorrect Conversion between Numeric Types
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

References

https://access.redhat.com/errata/RHSA-2023:6266

https://access.redhat.com/errata/RHSA-2023:6268

https://access.redhat.com/errata/RHSA-2023:6748

https://access.redhat.com/security/cve/CVE-2023-46848

https://bugzilla.redhat.com/show_bug.cgi?id=2245919

https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w

https://access.redhat.com/errata/RHSA-2023:6266

https://access.redhat.com/errata/RHSA-2023:6268

https://access.redhat.com/errata/RHSA-2023:6748

https://access.redhat.com/security/cve/CVE-2023-46848

https://bugzilla.redhat.com/show_bug.cgi?id=2245919

https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w

https://security.netapp.com/advisory/ntap-20231214-0005/