CVE-2023-46847

Name: CVE-2023-46847
Creator: NVD / NIST
Published: 2023-11-03T08:15:08.023+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 85.94%

Last modified Jun 17, 2026

CVE-2023-46847 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.. EPSS estimates a 85.94% chance of exploitation in the next 30 days.

Description

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

85.94%

99.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Squid-Cache	Squid	>= 3.2.0.1, < 6.4
Redhat	Enterprise Linux	8.0
Redhat	Enterprise Linux	9.0
Redhat	Enterprise Linux Eus	8.6
Redhat	Enterprise Linux Eus	8.8
Redhat	Enterprise Linux Eus	9.0
Redhat	Enterprise Linux Eus	9.2
Redhat	Enterprise Linux For Arm 64	8.0_aarch64
Redhat	Enterprise Linux For Ibm Z Systems	8.0_s390x
Redhat	Enterprise Linux For Power Little Endian	8.0_ppc64le
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	8.2
Redhat	Enterprise Linux Server Aus	8.4
Redhat	Enterprise Linux Server Aus	8.6
Redhat	Enterprise Linux Server Aus	9.2
Redhat	Enterprise Linux Server Tus	8.2
Redhat	Enterprise Linux Server Tus	8.4
Redhat	Enterprise Linux Server Tus	8.6
Redhat	Enterprise Linux Server Tus	8.8
Redhat	Enterprise Linux Server Tus	9.2
Redhat	Enterprise Linux Workstation	7.0

References

https://access.redhat.com/errata/RHSA-2023:6266Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6267Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6268Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6748Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6801Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6803Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6804Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6805Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6810Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6882Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6884Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7213Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7576Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7578Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-46847Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2245916Issue Tracking, Third Party Advisory
https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4gVendor Advisory
https://access.redhat.com/errata/RHSA-2023:6266Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6267Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6268Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6748Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6801Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6803Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6804Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6805Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6810Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6882Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6884Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7213Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7576Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7578Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-46847Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2245916Issue Tracking, Third Party Advisory
https://github.com/squid-cache/squid/security/advisories/GHSA-phqj-m8gv-cq4gVendor Advisory
https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html
https://security.netapp.com/advisory/ntap-20231130-0002/

Timeline

Published: Nov 3, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-46847?

How severe is CVE-2023-46847?

CVE-2023-46847 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 85.94% probability of exploitation in the next 30 days.

How do I fix CVE-2023-46847?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-46847?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST