Lucene search

K
redhatcveRedhat.comRH:CVE-2022-41318
HistorySep 26, 2022 - 9:49 a.m.

CVE-2022-41318

2022-09-2609:49:37
redhat.com
access.redhat.com
29
squid
sspi
smb
authentication
buffer overflow
information disclosure
vulnerability
integer overflow

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

41.0%

A flaw was found in Squid. An incorrect integer overflow protection in the Squid SSPI and SMB authentication helpers is vulnerable to a buffer overflow attack, resulting in information disclosure.

Mitigation

Disable use of the vulnerable authentication scheme.

CVSS3

8.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

EPSS

0.001

Percentile

41.0%