CVE-2023-46846: SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall…

medium5.3CVSS 3.1

AVNACLPRNUINSUCNILAN

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.

Affected

26 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	squid	< squid 5.7-2+deb12u1 (bookworm)	squid 5.7-2+deb12u1 (bookworm)
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_for_arm_64	—	—
redhat	enterprise_linux_for_ibm_z_systems	—	—
redhat	enterprise_linux_for_power_little_endian	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_server_tus	—	—
redhat	enterprise_linux_server_tus	—	—
squid-cache	squid	>= 2.6 < 6.4	6.4
squid	squid	>= 0 < 4.13-10+deb11u3	4.13-10+deb11u3
squid	squid	>= 0 < 5.7-2+deb12u1	5.7-2+deb12u1
squid	squid	>= 0 < 6.5-1	6.5-1
squid	squid	>= 0 < 6.5-1	6.5-1
squid	squid	>= 0 < 4.10-1ubuntu1.8	4.10-1ubuntu1.8

CVSS provenance

nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

osv7.5HIGH