Описание
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | released | 5.6-1ubuntu3 |
| esm-infra/focal | not-affected | 4.10-1ubuntu1.7 |
| focal | released | 4.10-1ubuntu1.7 |
| jammy | released | 5.2-1ubuntu4.2 |
| kinetic | released | 5.6-1ubuntu3 |
| lunar | released | 5.6-1ubuntu3 |
| mantic | released | 5.6-1ubuntu3 |
| noble | released | 5.6-1ubuntu3 |
| trusty | ignored | end of standard support |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 3.5.27-1ubuntu1.14 |
| esm-infra/bionic | not-affected | 3.5.27-1ubuntu1.14 |
| esm-infra/focal | DNE | |
| esm-infra/xenial | released | 3.5.12-1ubuntu7.16+esm3 |
| focal | DNE | |
| jammy | DNE | |
| trusty | ignored | end of standard support |
| upstream | needs-triage | |
| xenial | ignored | end of standard support |
Показывать по
EPSS
8.6 High
CVSS3
Связанные уязвимости
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.
A buffer over-read was discovered in libntlmauth in Squid 2.5 through ...
EPSS
8.6 High
CVSS3