VDB

CISA-2023-46846

CISA-2023-46846 PUBLISHED CVSS 9.3 CRITICAL

Reported by redhat · Published November 3, 2023

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.

Risk Scores

CVSS 3.1
9.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

Affected Products

VendorProductVersions
2.6
Red HatRed Hat Enterprise Linux 7 Extended Lifecycle Support7:3.5.20-17.el7_9.13
Red HatRed Hat Enterprise Linux 88080020231030214932.63b34585
Red HatRed Hat Enterprise Linux 88090020231030224841.a75119d5
Red HatRed Hat Enterprise Linux 8.1 Update Services for SAP Solutions8010020231101141358.c27ad7f8
Red HatRed Hat Enterprise Linux 8.2 Advanced Update Support8020020231101135052.4cda2c84
Red HatRed Hat Enterprise Linux 8.2 Telecommunications Update Service8020020231101135052.4cda2c84
Red HatRed Hat Enterprise Linux 8.2 Update Services for SAP Solutions8020020231101135052.4cda2c84
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support8040020231101101624.522a0ee4
Red HatRed Hat Enterprise Linux 8.4 Telecommunications Update Service8040020231101101624.522a0ee4
Red HatRed Hat Enterprise Linux 8.4 Update Services for SAP Solutions8040020231101101624.522a0ee4
Red HatRed Hat Enterprise Linux 8.6 Extended Update Support8060020231031165747.ad008a3a
Red HatRed Hat Enterprise Linux 97:5.5-5.el9_2.1
Red HatRed Hat Enterprise Linux 97:5.5-6.el9_3.1
Red HatRed Hat Enterprise Linux 9.0 Extended Update Support7:5.2-1.el9_0.3
Red HatRed Hat Enterprise Linux 6
Red HatRed Hat Enterprise Linux 6
Red HatRed Hat Enterprise Linux 9.0 Extended Update Support7:5.2-1.el9_0.3, 7:5.2-1.el9_0.3
Red HatRed Hat Enterprise Linux 7 Extended Lifecycle Support7:3.5.20-17.el7_9.13, 7:3.5.20-17.el7_9.13
Red HatRed Hat Enterprise Linux 8.1 Update Services for SAP Solutions8010020231101141358.c27ad7f8, 8010020231101141358.c27ad7f8

…and 12 more

Timeline

  • Nov 3, 2023 CVE Published
  • Feb 25, 2026 CVE Updated
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›