OSV:USN-5641-1 (osv, Google)
History: Sep 26, 2022 - 4:23 p.m.

squid, squid3 vulnerabilities

2022-09-26 16:23:50
Google
osv.dev
Tags: mikhail evdokimov, cache manager acls, remote attacker, sensitive information, ubuntu 20.04 lts, ubuntu 22.04 lts, cve-2022-41317, sspi, smb authentication, denial of service, software

CVSS3: 8.6 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score: 7.8 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 43.1%)

Mikhail Evdokimov discovered that Squid incorrectly handled cache manager
ACLs. A remote attacker could possibly use this issue to obtain sensitive
information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04
LTS. (CVE-2022-41317)

It was discovered that Squid incorrectly handled SSPI and SMB
authentication. A remote attacker could use this issue to cause Squid to
crash, resulting in a denial of service, or possibly obtain sensitive
information. (CVE-2022-41318)
