Vulnerabilities > CVE-2023-46848 - Incorrect Conversion between Numeric Types vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://access.redhat.com/errata/RHSA-2023:6266
- https://access.redhat.com/security/cve/CVE-2023-46848
- https://access.redhat.com/errata/RHSA-2023:6268
- https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w
- https://bugzilla.redhat.com/show_bug.cgi?id=2245919
- https://access.redhat.com/errata/RHSA-2023:6748
- https://security.netapp.com/advisory/ntap-20231214-0005/