CVSS 3.1 Score 7.5 of 10 (high)


Published Nov 3, 2023
Updated: Feb 16, 2024
CWE ID 120


CVE-2023-46847 is a vulnerability in Squid, a caching and proxy server. When Squid is configured to accept HTTP Digest Authentication, a remote attacker can trigger a buffer overflow and write up to 2 MB of arbitrary data to heap memory, resulting in a Denial of Service (DoS). The affected products include various versions of Squid, such as Qtr2eq, Qtr2ep, Qtr2eo, and others. To remediate this vulnerability, update Squid to the latest version or apply any patches provided by the vendor. The potential danger is high: exploitation can disrupt service and impact the availability of the affected organization's network infrastructure.
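Because the issue only applies when Squid accepts HTTP Digest Authentication, a quick exposure check is to see whether a proxy's configuration enables the Digest scheme. The script below is an added example, not code from Squid or from this page. It assumes that Digest is enabled by an active `auth_param digest program` directive, that comment lines start with `#`, and it uses a constructed sample configuration with hypothetical file paths.

```python
def audit_squid_conf(conf_text):
    """Report whether a squid.conf text enables the Digest auth scheme.

    Returns a dict with:
      digest_enabled - True if an active 'auth_param digest program' line exists
      evidence       - list of (line_number, line) for those directives
      includes       - paths from 'include' lines that must be audited as well
    """
    evidence, includes = [], []
    for number, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or commented-out directive: not active
        tokens = line.split()
        # Compared case-insensitively so the audit errs towards over-reporting.
        head = [t.lower() for t in tokens[:3]]
        if head == ["auth_param", "digest", "program"] and len(tokens) >= 4:
            evidence.append((number, line))
        elif head[0] == "include" and len(tokens) >= 2:
            # Included files are not read here; list them for a follow-up audit.
            includes.extend(tokens[1:])
    return {"digest_enabled": bool(evidence),
            "evidence": evidence,
            "includes": includes}


# Constructed sample configuration (paths are hypothetical).
SAMPLE_CONF = """\
# constructed sample squid.conf
http_port 3128
#auth_param digest program /usr/lib/squid/digest_file_auth /etc/squid/old
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/basic
auth_param digest program /usr/lib/squid/digest_file_auth -c /etc/squid/digest
auth_param digest realm proxy
include /etc/squid/conf.d/*.conf
acl authed proxy_auth REQUIRED
http_access allow authed
"""

if __name__ == "__main__":
    result = audit_squid_conf(SAMPLE_CONF)
    state = "ENABLED" if result["digest_enabled"] else "not enabled"
    print(f"Digest authentication: {state}")
    for number, line in result["evidence"]:
        print(f"  line {number}: {line}")
    for path in result["includes"]:
        print(f"  also audit included file(s): {path}")
```

A result of "not enabled" is only conclusive once every file named under `includes` has been audited the same way.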
