CVE-2023-46846
CRITICALSquid 2.6-6.4 - HTTP Request Smuggling via Chunked Decoder Lenience
Title source: manualDescription
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
References (16)
Core 16
Core References
Vendor Advisory
https://security.netapp.com/advisory/ntap-20231130-0002/
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:6266
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:6267
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:6268
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:6748
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:6801
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:6803
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:6804
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:6810
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:7213
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2024:11049
Third Party Advisory vdb-entry
x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2023-46846
Issue Tracking, Third Party Advisory issue-tracking
x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2245910
Scores
CVSS v3
9.3
EPSS
0.0525
EPSS Percentile
91.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-444
Status
published
Products (19)
redhat/enterprise_linux
8.0
redhat/enterprise_linux
9.0
redhat/enterprise_linux_eus
8.6
redhat/enterprise_linux_eus
8.8
redhat/enterprise_linux_eus
9.0
redhat/enterprise_linux_eus
9.2
redhat/enterprise_linux_for_arm_64
8.0_aarch64
redhat/enterprise_linux_for_ibm_z_systems
8.0_s390x
redhat/enterprise_linux_for_power_little_endian
8.0_ppc64le
redhat/enterprise_linux_server_aus
8.2
... and 9 more
Published
Nov 03, 2023
Tracked Since
Feb 18, 2026