CVE-2023-46846
high-risk
Published 2023-11-03
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
Do I need to act?
~
9.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.3/10
Critical
NETWORK
/ LOW complexity
Affected Products (19)
Affected Vendors
References (28)
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6266
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6267
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6268
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6748
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6801
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6803
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6804
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6810
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7213
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-46846
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2245910
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6266
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6267
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6268
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6748
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6801
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6803
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:6804
and 8 more references
61
/ 100
high-risk
Severity
31/34 · Critical
Exploitability
11/34 · Low
Exposure
19/34 · Moderate