Main Vulnerability Database Vulnerabilities #VU67609

#VU67609 Out-of-bounds read in Squid - CVE-2022-41318

Published: September 23, 2022 / Updated: October 20, 2022

Vulnerability identifier: #VU67609

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-41318

CWE-ID: CWE-125

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Squid

Software vendor:
Squid-cache.org

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information or crash the server.

The vulnerability exists due to a boundary condition within SSPI and SMB authentication helpers. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system or crash the server.

Successful exploitation of the vulnerability requires that Squid is configured to use NTLM or Negotiate authentication with one of the vulnerable helpers.

Remediation

Install updates from vendor's website.

External links

https://seclists.org/oss-sec/2022/q3/231

#VU67609 Out-of-bounds read in Squid - CVE-2022-41318

Description

Remediation

External links

Please verify you're human