CVE-2022-41318

CVSS v3.1 8.6 (High)
EPSS 0.10% (41st)
Affected Products 1
Advisories 22

A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.

Weaknesses
CWE-125
Out-of-bounds Read
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2022-12-25 19:15:10
(21 months ago)
Updated Date
2023-03-28 18:04:31
(17 months ago)

Affected Products


Configuration #1

    Product                                                   CPE23                        From    Up To
    Squid-cache Squid from 2.5 version and prior 5.7 version  cpe:2.3:a:squid-cache:squid  >= 2.5  < 5.7