CVE-2023-25076

CVE-2023-25076

Name

CVE-2023-25076

Description

A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP or TLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to trigger this vulnerability.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://talosintelligence.com/vulnerability_reports/TALOS-2023-1731
MISC	https://github.com/dlundquist/sniproxy/commit/f8d9a433fe22ab2fa15c00179048ab02ae23d583
MISC	https://lists.debian.org/debian-lts-announce/2023/04/msg00030.html
MISC	https://www.debian.org/security/2023/dsa-5413

Type

URI

MISC

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1731

MISC

https://github.com/dlundquist/sniproxy/commit/f8d9a433fe22ab2fa15c00179048ab02ae23d583

MISC

https://lists.debian.org/debian-lts-announce/2023/04/msg00030.html

MISC

https://www.debian.org/security/2023/dsa-5413

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:sniproxy_project:sniproxy:0.6.1:::::::*`	sniproxy	== None	== 0.6.1
`cpe:2.3:a:sniproxy_project:sniproxy:0.6.0-2:::::::*`	sniproxy	== None	== 0.6.0-2

CPE URI

Source package

Min version

Max version

cpe:2.3:a:sniproxy_project:sniproxy:0.6.1:*:*:*:*:*:*:*

sniproxy

== None

== 0.6.1

cpe:2.3:a:sniproxy_project:sniproxy:0.6.0-2:*:*:*:*:*:*:*

sniproxy

== None

== 0.6.0-2

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
sniproxy	edge-community	0.6.1-r0	Leonardo Arena <rnalrd@alpinelinux.org>	possibly vulnerable
sniproxy	3.22-community	0.6.1-r0	Leonardo Arena <rnalrd@alpinelinux.org>	possibly vulnerable
sniproxy	3.20-community	0.6.1-r0	Leonardo Arena <rnalrd@alpinelinux.org>	possibly vulnerable
sniproxy	3.19-community	0.6.1-r0	Leonardo Arena <rnalrd@alpinelinux.org>	possibly vulnerable
sniproxy	3.18-community	0.6.1-r0	Leonardo Arena <rnalrd@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

sniproxy

edge-community

0.6.1-r0

Leonardo Arena <rnalrd@alpinelinux.org>

possibly vulnerable

sniproxy

3.22-community