CVE-2023-46847
Squid: denial of service in HTTP Digest Authentication
Squid is vulnerable to a denial of service: when Squid is configured to accept HTTP Digest Authentication, a remote attacker can perform a buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Affected products
squid
Red Hat · Red Hat Enterprise Linux 6 Extended Lifecycle Support
Red Hat · Red Hat Enterprise Linux 7
Red Hat · Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)
Red Hat · Red Hat Enterprise Linux 7.7 Advanced Update Support
Red Hat · Red Hat Enterprise Linux 8
Red Hat · Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
Red Hat · Red Hat Enterprise Linux 8.2 Advanced Update Support
Red Hat · Red Hat Enterprise Linux 8.2 Telecommunications Update Service
Red Hat · Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
Red Hat · Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Red Hat · Red Hat Enterprise Linux 8.4 Telecommunications Update Service
Red Hat · Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
Red Hat · Red Hat Enterprise Linux 8.6 Extended Update Support
Red Hat · Red Hat Enterprise Linux 9
Red Hat · Red Hat Enterprise Linux 9.0 Extended Update Support
References
https://access.redhat.com/errata/RHSA-2023:6266
https://access.redhat.com/errata/RHSA-2023:6267
https://access.redhat.com/errata/RHSA-2023:6268
https://access.redhat.com/errata/RHSA-2023:6748
https://access.redhat.com/errata/RHSA-2023:6801
https://access.redhat.com/errata/RHSA-2023:6803
https://access.redhat.com/errata/RHSA-2023:6804
https://access.redhat.com/errata/RHSA-2023:6805
https://access.redhat.com/errata/RHSA-2023:6810
https://access.redhat.com/errata/RHSA-2023:6882
https://access.redhat.com/errata/RHSA-2023:6884
https://access.redhat.com/errata/RHSA-2023:7213