Launchpad CVE tracker

CVE 2023-46847

Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.

Related bugs and status

CVE-2023-46847 (Candidate) is related to these bugs:

Bug #2040426: Merge squid from Debian unstable for noble

Summary				In	Importance	Status
	2040426	Merge squid from Debian unstable for noble		squid (Ubuntu)	Undecided	Fix Released

Bug #2041837: squid:update to 6.4+ get fixes for CVEs

		In	Importance	Status
2041837	squid:update to 6.4+ get fixes for CVEs	Ubuntu Docker Images	Undecided	New
2041837	squid:update to 6.4+ get fixes for CVEs	squid (Ubuntu)	Undecided	Fix Released
2041837	squid:update to 6.4+ get fixes for CVEs	squid (Ubuntu Mantic)	Undecided	Fix Released
2041837	squid:update to 6.4+ get fixes for CVEs	squid (Ubuntu Noble)	Undecided	Fix Released
2041837	squid:update to 6.4+ get fixes for CVEs	squid (Ubuntu Lunar)	Undecided	Won't Fix
2041837	squid:update to 6.4+ get fixes for CVEs	squid (Ubuntu Jammy)	Undecided	Fix Released
2041837	squid:update to 6.4+ get fixes for CVEs	squid (Ubuntu Focal)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2023-46847

References