PT-2023-6902 · Squid+10 · Squid+11

Megamansec · Published 2023-10-19 · Updated 2026-03-29 · CVE-2023-46847

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C

Name of the Vulnerable Software and Affected Versions

Squid (affected versions not specified)

Description

A denial-of-service vulnerability in the HTTP Digest Authentication handler of the Squid proxy server can lead to uncontrolled resource consumption. A remote attacker can trigger a buffer overflow that writes up to 2 MB of arbitrary data to heap memory, causing a denial of service or other impacts. The issue is reachable when Squid is configured to accept HTTP Digest Authentication.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

DoS

Resource Exhaustion

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2023:6266
ALSA-2023:6267
ALSA-2023:6748
ALSA-2023:7213
ALT-PU-2023-7250
ALT-PU-2023-7254
ALT-PU-2023-7461
ALT-PU-2024-9370
AZL-31902
AZL-63103
BDU:2023-07920
CESA-2023_6267
CESA-2023_6805
CESA-2023_7213
CVE-2023-46847
DLA-3709-1
DSA-5637-1
GHSA-PHQJ-M8GV-CQ4G
MGASA-2023-0315
OESA-2023-1776
OPENSUSE-SU-2023_4380-1
OPENSUSE-SU-2024:13398-1
RHSA-2023:6266
RHSA-2023:6267
RHSA-2023:6268
RHSA-2023:6748
RHSA-2023:6801
RHSA-2023:6803
RHSA-2023:6804
RHSA-2023:6805
RHSA-2023:6810
RHSA-2023:6882
RHSA-2023:6884
RHSA-2023:7213
RHSA-2023:7576
RHSA-2023:7578
RHSA-2023_6266
RHSA-2023_6267
RHSA-2023_6748
RHSA-2023_6805
RHSA-2023_7213
RLSA-2023:6266
RLSA-2023:6267
RLSA-2023:7213
ROSA-SA-2024-2477
SUSE-SU-2023:4380-1
SUSE-SU-2023:4381-1
SUSE-SU-2023:4384-1
USN-6500-1
USN-6500-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Squid
Squid Cache
Suse
Ubuntu