Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Top Critical CVEs

Highest risk vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Discover domains across TLDs

Sign In Sign Up

CVE-2023-46847

UNKNOWN

Published 2023-11-03T07:58:05.641Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-46847. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

8.6

/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Base Score Metrics

Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14

0.501

probability

of exploitation in the wild

There is a 50.1% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25

Exploit Probability

Percentile: 0.977

Higher than 97.7% of all CVEs

Attack Vector Metrics

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

LOW

Integrity

LOW

Availability

HIGH

Description

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

Understanding This Vulnerability

This Common Vulnerabilities and Exposures (CVE) entry provides detailed information about a security vulnerability that has been publicly disclosed. CVEs are standardized identifiers assigned by MITRE Corporation to track and catalog security vulnerabilities across software and hardware products.

The severity rating (UNKNOWN) indicates the potential impact of this vulnerability based on the CVSS (Common Vulnerability Scoring System) framework. Higher severity ratings typically indicate vulnerabilities that could lead to more significant security breaches if exploited. Security teams should prioritize remediation efforts based on severity, exploit availability, and the EPSS (Exploit Prediction Scoring System) score, which predicts the likelihood of exploitation in the wild.

If this vulnerability affects products or systems in your infrastructure, we recommend reviewing the affected products section, checking for available patches or updates from vendors, and implementing recommended workarounds or solutions until a permanent fix is available. Organizations should also monitor security advisories and threat intelligence feeds for updates about active exploitation of this vulnerability.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Unknown Vendor

Unknown Product

Affected Versions:

3.2.0.1

Red Hat

Red Hat Enterprise Linux 6 Extended Lifecycle Support

Affected Versions:

7:3.4.14-15.el6_10.1

Red Hat

Red Hat Enterprise Linux 6 Extended Lifecycle Support

Affected Versions:

7:3.1.23-24.el6_10.1

Red Hat

Red Hat Enterprise Linux 7

Affected Versions:

7:3.5.20-17.el7_9.9

Red Hat

Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)

Affected Versions:

7:3.5.20-12.el7_6.2

Red Hat

Red Hat Enterprise Linux 7.7 Advanced Update Support

Affected Versions:

7:3.5.20-13.el7_7.1

Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

8080020231030214932.63b34585

Red Hat

Red Hat Enterprise Linux 8

Affected Versions:

8090020231030224841.a75119d5

Red Hat

Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Affected Versions:

8010020231101141358.c27ad7f8

Red Hat

Red Hat Enterprise Linux 8.2 Advanced Update Support

Affected Versions:

8020020231101135052.4cda2c84

Red Hat

Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Affected Versions:

8020020231101135052.4cda2c84

Red Hat

Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions

Affected Versions:

8020020231101135052.4cda2c84

Red Hat

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Affected Versions:

8040020231101101624.522a0ee4

Red Hat

Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Affected Versions:

8040020231101101624.522a0ee4

Red Hat

Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Affected Versions:

8040020231101101624.522a0ee4

Red Hat

Red Hat Enterprise Linux 8.6 Extended Update Support

Affected Versions:

8060020231031165747.ad008a3a

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

7:5.5-5.el9_2.1

Red Hat

Red Hat Enterprise Linux 9

Affected Versions:

7:5.5-6.el9_3.1

Red Hat

Red Hat Enterprise Linux 9.0 Extended Update Support

Affected Versions:

7:5.2-1.el9_0.3

References

https://access.redhat.com/errata/RHSA-2023:6266 (CNA)

https://access.redhat.com/errata/RHSA-2023:6267 (CNA)

https://access.redhat.com/errata/RHSA-2023:6268 (CNA)

https://access.redhat.com/errata/RHSA-2023:6748 (CNA)

https://access.redhat.com/errata/RHSA-2023:6801 (CNA)

https://access.redhat.com/errata/RHSA-2023:6803 (CNA)

https://access.redhat.com/errata/RHSA-2023:6804 (CNA)

https://access.redhat.com/errata/RHSA-2023:6805 (CNA)

https://access.redhat.com/errata/RHSA-2023:6810 (CNA)

https://access.redhat.com/errata/RHSA-2023:6882 (CNA)

https://access.redhat.com/errata/RHSA-2023:6884 (CNA)

https://access.redhat.com/errata/RHSA-2023:7213 (CNA)

https://access.redhat.com/errata/RHSA-2023:7576 (CNA)

https://access.redhat.com/errata/RHSA-2023:7578 (CNA)

https://access.redhat.com/security/cve/CVE-2023-46847 (CNA)

https://bugzilla.redhat.com/show_bug.cgi?id=2245916 (CNA)

https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g (CNA)

Timeline

Reported to Red Hat.

Made public.

References

https://access.redhat.com/errata/RHSA-2023:6266

https://access.redhat.com/errata/RHSA-2023:6267

https://access.redhat.com/errata/RHSA-2023:6268

https://access.redhat.com/errata/RHSA-2023:6748

https://access.redhat.com/errata/RHSA-2023:6801

https://access.redhat.com/errata/RHSA-2023:6803

https://access.redhat.com/errata/RHSA-2023:6804

https://access.redhat.com/errata/RHSA-2023:6805

https://access.redhat.com/errata/RHSA-2023:6810

https://access.redhat.com/errata/RHSA-2023:6882

https://access.redhat.com/errata/RHSA-2023:6884

https://access.redhat.com/errata/RHSA-2023:7213

https://access.redhat.com/errata/RHSA-2023:7576

https://access.redhat.com/errata/RHSA-2023:7578

https://access.redhat.com/security/cve/CVE-2023-46847

https://bugzilla.redhat.com/show_bug.cgi?id=2245916

https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4g

Published: 2023-11-03T07:58:05.641Z

Last Modified: 2025-02-28T01:09:44.601Z

Copied to clipboard!