Description
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| unaffected |
|
||||||||
| Red Hat | Red Hat Enterprise Linux 6 Extended Lifecycle Support | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 6 Extended Lifecycle Support | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 7 | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118) | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 7.7 Advanced Update Support | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 8 | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 8 | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 8.2 Telecommunications Update Service | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 9 | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 9 | affected |
|
||||||
| Red Hat | Red Hat Enterprise Linux 9.0 Extended Update Support | affected |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat Enterprise Linux 6 Extended Lifecycle Support | |||
| squid34-7:3.4.14-15.el6_10.1 | cpe:/o:redhat:rhel_els:6 | RHSA-2023:6882 | 2023-11-13T00:00:00Z |
| squid-7:3.1.23-24.el6_10.1 | cpe:/o:redhat:rhel_els:6 | RHSA-2023:6884 | 2023-11-13T00:00:00Z |
| Red Hat Enterprise Linux 7 | |||
| squid-7:3.5.20-17.el7_9.9 | cpe:/o:redhat:enterprise_linux:7 | RHSA-2023:6805 | 2023-11-08T00:00:00Z |
| Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118) | |||
| squid-7:3.5.20-12.el7_6.2 | cpe:/o:redhat:rhel_aus:7.6 | RHSA-2023:7578 | 2023-11-29T00:00:00Z |
| Red Hat Enterprise Linux 7.7 Advanced Update Support | |||
| squid-7:3.5.20-13.el7_7.1 | cpe:/o:redhat:rhel_aus:7.7 | RHSA-2023:7576 | 2023-11-29T00:00:00Z |
| Red Hat Enterprise Linux 8 | |||
| squid:4-8080020231030214932.63b34585 | cpe:/a:redhat:enterprise_linux:8 | RHSA-2023:6267 | 2023-11-02T00:00:00Z |
| squid:4-8090020231030224841.a75119d5 | cpe:/a:redhat:enterprise_linux:8 | RHSA-2023:7213 | 2023-11-14T00:00:00Z |
| Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | |||
| squid:4-8010020231101141358.c27ad7f8 | cpe:/a:redhat:rhel_e4s:8.1 | RHSA-2023:6810 | 2023-11-08T00:00:00Z |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | |||
| squid:4-8020020231101135052.4cda2c84 | cpe:/a:redhat:rhel_aus:8.2 | RHSA-2023:6803 | 2023-11-08T00:00:00Z |
| Red Hat Enterprise Linux 8.2 Telecommunications Update Service | |||
| squid:4-8020020231101135052.4cda2c84 | cpe:/a:redhat:rhel_tus:8.2 | RHSA-2023:6803 | 2023-11-08T00:00:00Z |
| Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | |||
| squid:4-8020020231101135052.4cda2c84 | cpe:/a:redhat:rhel_e4s:8.2 | RHSA-2023:6803 | 2023-11-08T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | |||
| squid:4-8040020231101101624.522a0ee4 | cpe:/a:redhat:rhel_aus:8.4 | RHSA-2023:6804 | 2023-11-08T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Telecommunications Update Service | |||
| squid:4-8040020231101101624.522a0ee4 | cpe:/a:redhat:rhel_tus:8.4 | RHSA-2023:6804 | 2023-11-08T00:00:00Z |
| Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | |||
| squid:4-8040020231101101624.522a0ee4 | cpe:/a:redhat:rhel_e4s:8.4 | RHSA-2023:6804 | 2023-11-08T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Extended Update Support | |||
| squid:4-8060020231031165747.ad008a3a | cpe:/a:redhat:rhel_eus:8.6 | RHSA-2023:6801 | 2023-11-08T00:00:00Z |
| Red Hat Enterprise Linux 9 | |||
| squid-7:5.5-5.el9_2.1 | cpe:/a:redhat:enterprise_linux:9 | RHSA-2023:6266 | 2023-11-02T00:00:00Z |
| squid-7:5.5-6.el9_3.1 | cpe:/a:redhat:enterprise_linux:9 | RHSA-2023:6748 | 2023-11-07T00:00:00Z |
| Red Hat Enterprise Linux 9.0 Extended Update Support | |||
| squid-7:5.2-1.el9_0.3 | cpe:/a:redhat:rhel_eus:9.0 | RHSA-2023:6268 | 2023-11-02T00:00:00Z |
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DLA |
DLA-3709-1 | squid security update |
 Debian DSA |
DSA-5637-1 | squid security update |
 Ubuntu USN |
USN-6500-1 | Squid vulnerabilities |
| Ubuntu USN |
USN-6500-2 | Squid vulnerabilities |
References
History
Fri, 22 Nov 2024 12:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Mon, 16 Sep 2024 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Subscriptions
Redhat
Subscribe
Enterprise Linux
Subscribe
Enterprise Linux Eus
Subscribe
Enterprise Linux For Arm 64
Subscribe
Enterprise Linux For Ibm Z Systems
Subscribe
Enterprise Linux For Power Little Endian
Subscribe
Enterprise Linux Server
Subscribe
Enterprise Linux Server Aus
Subscribe
Enterprise Linux Server Tus
Subscribe
Enterprise Linux Workstation
Subscribe
Rhel Aus
Subscribe
Rhel E4s
Subscribe
Rhel Els
Subscribe
Rhel Eus
Subscribe
Rhel Tus
Subscribe
Squid-cache
Subscribe
Squid
Subscribe
MITRE
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2026-02-25T18:19:20.040Z
Reserved: 2023-10-27T08:36:38.158Z
Link: CVE-2023-46847
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-11-03T08:15:08.023
Modified: 2024-11-21T08:29:25.000
Link: CVE-2023-46847
Redhat
OpenCVE Enrichment
No data.
Weaknesses