CVE-2023-46848

Related Files

Debian Security Advisory 5637-1

Posted Mar 8, 2024

Authored by Debian | Site debian.org

Debian Linux Security Advisory 5637-1 - Several security vulnerabilities have been discovered in Squid, a full featured web proxy cache. Due to programming errors in Squid's HTTP request parsing, remote attackers may be able to execute a denial of service attack by sending large X-Forwarded-For header or trigger a stack buffer overflow while performing HTTP Digest authentication. Other issues facilitate request smuggling past a firewall or a denial of service against Squid's Helper process management.

tags | advisory, remote, web, denial of service, overflow, vulnerability

systems | linux, debian

advisories | CVE-2023-46724, CVE-2023-46846, CVE-2023-46847, CVE-2023-46848, CVE-2023-49285, CVE-2023-49286, CVE-2023-50269, CVE-2024-23638, CVE-2024-25111, CVE-2024-25617

SHA-256 | a79ef3e7a5505aef83c8e1d9026a34f64acecaa9ccd3e41b225ac5500d8a96e7

Download | Favorite | View

Ubuntu Security Notice USN-6500-1

Posted Nov 22, 2023

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6500-1 - Joshua Rogers discovered that Squid incorrectly handled validating certain SSL certificates. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 23.04, and Ubuntu 23.10. Joshua Rogers discovered that Squid incorrectly handled the Gopher protocol. A remote attacker could possibly use this issue to cause Squid to crash, resulting in a denial of service. Gopher support has been disabled in this update. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04.

tags | advisory, remote, denial of service, protocol

systems | linux, ubuntu

advisories | CVE-2023-46724, CVE-2023-46728, CVE-2023-46846, CVE-2023-46847, CVE-2023-46848

SHA-256 | 89e080ec0dca666e58acac5a17ad942076e2d2723e487a8ff043ca16623f5d78

Download | Favorite | View