A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-12-25T00:00:00
Updated: 2024-08-03T12:42:44.884Z
Reserved: 2022-09-23T00:00:00
Link: CVE-2022-41318
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-12-25T19:15:10.820
Modified: 2024-11-21T07:23:02.240
Link: CVE-2022-41318
Redhat