PT-2023-7041 · Squid +10 · Squid +11

Jianjun Chen +1 · Published 2023-10-19 · Updated 2026-03-29 · CVE-2023-46846

CVSS v3.1: 9.3 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Squid (affected versions not specified)

Description: The issue is in the chunked decoder of the Squid proxy server and concerns how the server interprets the syntax of chunked encoding. It can allow a remote attacker to perform Request/Response smuggling past firewall and frontend security systems, potentially enabling direct interaction with the server.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: HTTP Request/Response Smuggling

Related Identifiers

ALSA-2023:6266
ALSA-2023:6267
ALSA-2023:6748
ALSA-2023:7213
ALT-PU-2023-7250
ALT-PU-2023-7254
ALT-PU-2023-7461
ALT-PU-2024-9370
AZL-31905
BDU:2023-08063
CESA-2023_6267
CESA-2023_7213
CVE-2023-46846
DLA-3709-1
DLA-3709-2
DSA-5637-1
GHSA-J83V-W3P4-5CQH
MGASA-2023-0315
OESA-2023-1776
OPENSUSE-SU-2023_4380-1
OPENSUSE-SU-2024:13398-1
RHSA-2023:6266
RHSA-2023:6267
RHSA-2023:6268
RHSA-2023:6748
RHSA-2023:6801
RHSA-2023:6803
RHSA-2023:6804
RHSA-2023:6810
RHSA-2023:7213
RHSA-2023_6266
RHSA-2023_6267
RHSA-2023_6748
RHSA-2023_7213
RHSA-2024:11049
RLSA-2023:6266
RLSA-2023:6267
RLSA-2023:7213
ROSA-SA-2024-2477
ROSA-SA-2025-2759
SUSE-SU-2023:4380-1
SUSE-SU-2023:4381-1
SUSE-SU-2023:4384-1
USN-6500-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
Squid
Squid Cache
SUSE
Ubuntu