CVE-2023-46847

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-46847

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46847.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-46847

Downstream

ALPINE-CVE-2023-46847

DEBIAN-CVE-2023-46847

DLA-3709-1

DSA-5637-1

OESA-2023-1776

RHSA-2023:6266

RHSA-2023:6267

RHSA-2023:6268

RHSA-2023:6748

RHSA-2023:6801

RHSA-2023:6803

RHSA-2023:6804

RHSA-2023:6805

RHSA-2023:6810

RHSA-2023:6882

RHSA-2023:6884

RHSA-2023:7213

RHSA-2023:7576

RHSA-2023:7578

SUSE-SU-2023:4380-1

SUSE-SU-2023:4381-1

SUSE-SU-2023:4384-1

UBUNTU-CVE-2023-46847

USN-6500-1

USN-6500-2

openSUSE-SU-2024:13398-1

Related

Published

2023-11-03T08:15:08Z

Modified

2025-10-21T02:35:55Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

References

Affected packages

Git / github.com/squid-cache/squid

Affected ranges

Type: GIT
Repo: https://github.com/squid-cache/squid
Events: Introduced

04c6f6c989fb0083b3b10adfe2f438b6781c43bd

Fixed

1d8175b27fc1c347649d4f221ff2633e8d800429