Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-41318HistoryDec 25, 2022 - 7:15 p.m.
CVE-2022-41318
2022-12-2519:15:10
Debian Security Bug Tracker
security-tracker.debian.org
98
cve-2022-41318
squid
buffer over-read
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
41.5%
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | squid | < 5.7-1 | squid_5.7-1_all.deb |
| Debian | 11 | all | squid | < 4.13-10+deb11u2 | squid_4.13-10+deb11u2_all.deb |
| Debian | 999 | all | squid | < 5.7-1 | squid_5.7-1_all.deb |
| Debian | 13 | all | squid | < 5.7-1 | squid_5.7-1_all.deb |
Related
redos
redos
ROS-20230317-02
2023-03-17 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2023-1515)
2023-03-09 00:00:00
Squid Buffer Overflow Vulnerability (SQUID-2022:2)
2022-09-29 00:00:00
CentOS: Security Advisory for squid (CESA-2022:6815)
2022-10-27 00:00:00
cnvd
cnvd
Squid out-of-bounds read vulnerability
2022-09-28 00:00:00
cvelist
cvelist
CVE-2022-41318
2022-12-25 00:00:00
oraclelinux
oraclelinux
squid:4 security update
2022-10-05 00:00:00
squid security update
2022-10-06 00:00:00
squid security update
2022-10-07 00:00:00
alpinelinux
alpinelinux
CVE-2022-41318
2022-12-25 19:15:10
centos
centos
squid security update
2022-10-26 14:19:36
redhat
redhat
(RHSA-2022:6815) Important: squid security update
2022-10-05 12:08:50
(RHSA-2022:6775) Important: squid:4 security update
2022-10-04 14:29:18
(RHSA-2022:6777) Important: squid:4 security update
2022-10-04 14:31:28
nessus
nessus
AlmaLinux 9 : squid (ALSA-2022:6839)
2022-11-16 00:00:00
RHEL 8 : squid:4 (RHSA-2022:6774)
2022-10-05 00:00:00
Rocky Linux 8 : squid:4 (RLSA-2022:6775)
2022-11-17 00:00:00
almalinux
almalinux
Important: squid security update
2022-10-06 00:00:00
Important: squid:4 security update
2022-10-04 00:00:00
osv
osv
Important: squid:4 security update
2022-10-04 14:29:18
Important: squid:4 security update
2022-10-04 00:00:00
Important: squid security update
2022-10-06 14:37:45
cloudlinux
cloudlinux
Fixed CVE-2022-41318 in squid34
2022-10-11 15:18:31
Fixed CVE-2022-41318 in squid
2022-10-11 15:16:09
redhatcve
redhatcve
CVE-2022-41318
2022-09-26 09:49:37
prion
prion
Integer overflow
2022-12-25 19:15:00
veracode
veracode
Buffer Overflow
2022-09-26 23:57:20
ubuntucve
ubuntucve
CVE-2022-41318
2022-09-23 00:00:00
cve
cve
CVE-2022-41318
2022-12-25 19:15:10
nvd
nvd
CVE-2022-41318
2022-12-25 19:15:10
rocky
rocky
squid:4 security update
2022-10-04 14:29:18
squid security update
2022-10-06 14:37:45
debian
debian
[SECURITY] [DSA 5258-1] squid security update
2022-10-19 08:18:22
[SECURITY] [DLA 3151-1] squid security update
2022-10-12 19:31:44
fedora
fedora
[SECURITY] Fedora 36 Update: squid-5.7-1.fc36
2022-10-05 01:01:55
[SECURITY] Fedora 37 Update: squid-5.7-1.fc37
2022-10-04 15:13:48
[SECURITY] Fedora 35 Update: squid-5.7-1.fc35
2022-10-05 01:05:06
suse
suse
Security update for squid (important)
2022-10-17 00:00:00
Security update for squid (important)
2022-10-06 00:00:00
mageia
mageia
Updated squid packages fix security vulnerability
2022-10-01 20:48:24
ubuntu
ubuntu
Squid vulnerabilities
2022-09-26 00:00:00
Squid vulnerabilities
2024-06-27 00:00:00
amazon
amazon
Important: squid
2023-01-31 20:44:00
Important: squid
2023-01-18 00:16:00
photon
photon
Important Photon OS Security Update - PHSA-2023-0310
2023-01-09 00:00:00
Important Photon OS Security Update - PHSA-2023-0513
2023-01-10 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0513
2023-01-10 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2273
2023-10-22 06:19:50
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
41.5%
Related for DEBIANCVE:CVE-2022-41318