53 matches found
MiracleLinux 7 : squid-3.5.20-17.el7.8 (AXSA:2022-3878:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3878:02 advisory. squid: buffer-over-read in SSPI and SMB authentication CVE-2022-41318 Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 9 : squid-5.2-1.el9.2 (AXSA:2022-4089:04)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-4089:04 advisory. squid: buffer-over-read in SSPI and SMB authentication CVE-2022-41318 Tenable has extracted the preceding description block directly from the MiracleLinux...
Alibaba Cloud Linux 3 : 0166: squid:4 (ALINUX3-SA-2022:0166)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2022:0166 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-41318: RESERVED This candidate has been...
Ubuntu: Security Advisory (USN-6857-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6857-1: Squid vulnerabilities
Joshua Rogers discovered that Squid incorrectly handled requests with the urn: scheme. A remote attacker could possibly use this issue to cause Squid to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS. CVE-2021-28651 It was discovered that Squid...
Rocky Linux 9 : squid (RLSA-2022:6839)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:6839 advisory. - A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer- overflow protection, the SSPI and SMB authentication helpe...
Amazon Linux 2 : squid (ALASSQUID4-2023-001)
The version of squid installed on the remote host is prior to 4.15-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2SQUID4-2023-001 advisory. A flaw was found in Squid. An incorrect integer overflow protection in the Squid SSPI and SMB authentication helpers is vulnerabl...
Important: squid
Issue Overview: A flaw was found in Squid. An incorrect integer overflow protection in the Squid SSPI and SMB authentication helpers is vulnerable to a buffer overflow attack, resulting in information disclosure or a denial of service. CVE-2022-41318 Affected Packages: squid Note: This advisory i...
Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2023-1515)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP5 : squid (EulerOS-SA-2023-1515)
According to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer- overflow protection, the SSPI and SMB...
SUSE CVE-2022-41318
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a...
Important: squid
Issue Overview: In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses. CVE-2021-46784 A flaw was found in Squid. An incorrect integer overflow protection in the Squid SSPI an...
Amazon Linux 2 : squid (ALAS-2023-1907)
The version of squid installed on the remote host is prior to 3.5.20-17. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1907 advisory. In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service...
CVE-2022-41318
creationtimestamp| type| source ---|---|--- 2022-12-25 22:40:23+00:00| seen| https://t.me/cibsecurity/55318 2025-04-14 18:54:16+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/11685...
CVE-2022-41318
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a...
CVE-2022-41318
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a...
CVE-2022-41318
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a...
CVE-2022-41318
CVE-2022-41318 is a vulnerability in Squid’s libntlmauth where a buffer over-read, caused by insufficient integer-overflow protection in the SSPI/SMB authentication helpers, can lead to reading unintended memory and potentially exposing cleartext credentials to a client. Public sources consistent...
CVE-2022-41318
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a...
Fedora 36 : squid (2022-c8cad41c95)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-c8cad41c95 advisory. - version update to 5.7. - security fixes CVE-2022-41317 Tenable has extracted the preceding description block directly from the Fedora security...