CVE-2022-41318Integer Overflow or Wraparound in Squid

CWE-190Integer Overflow or WraparoundCWE-126Buffer Over-read9 documents6 sources
Severity
8.6HIGHNVD
EPSS
0.2%
top 63.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SquidSquid-cache Squid
Timeline
PublishedDec 25
Latest updateJun 27

Description

A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

NVDsquid-cache/squid2.55.7
Debiansquid/squid< 4.13-10+deb11u2+3

Patches

Patch: www.squid-cache.orgPatch: www.squid-cache.orgPatch: github.com

🔴Vulnerability Details

4
OSV
squid3 vulnerabilities2024-06-27
CVEList
CVE-2022-41318: A buffer over-read was discovered in libntlmauth in Squid 22022-12-25
OSV
CVE-2022-41318: A buffer over-read was discovered in libntlmauth in Squid 22022-12-25
OSV
squid, squid3 vulnerabilities2022-09-26

📋Vendor Advisories

4
Ubuntu
Squid vulnerabilities2024-06-27
Ubuntu
Squid vulnerabilities2022-09-26
Red Hat
squid: buffer-over-read in SSPI and SMB authentication2022-09-23
Debian
CVE-2022-41318: squid - A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due t...2022
CVE-2022-41318 — Integer Overflow or Wraparound | cvebase