
squid: Multiple Vulnerabilities (CVE-2021-46784, CVE-2022-4131{7,8})

Open CamberLoid opened this issue 2 years ago • 0 comments

CVE IDs

CVE-2021-46784, CVE-2022-4131{7,8}

Other security advisory IDs

  • Debian
    • https://security-tracker.debian.org/tracker/DSA-5258-1
    • https://security-tracker.debian.org/tracker/DLA-3151-1

Description

The current squid in the repository is exposed to several security vulnerabilities.

  • CVE-2021-46784: Before squid 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.
  • CVE-2022-41318: Due to an incorrect integer overflow protection Squid SSPI and SMB authentication helpers are vulnerable to a Buffer Overflow attack. This allows a remote client to perform a Denial of Service attack. See https://www.openwall.com/lists/oss-security/2022/09/23/2
  • CVE-2022-41317: Due to inconsistent handling of internal URIs Squid is vulnerable to Exposure of Sensitive Information about clients using the proxy. See https://www.openwall.com/lists/oss-security/2022/09/23/1

Patches

N/A

PoC(s)

N/A

CamberLoid, Oct 20 '22 16:10