CVE-2023-25076

Name
CVE-2023-25076
Description
A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP or TLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to trigger this vulnerability.
NVD Severity
high
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://talosintelligence.com/vulnerability_reports/TALOS-2023-1731
MISC https://github.com/dlundquist/sniproxy/commit/f8d9a433fe22ab2fa15c00179048ab02ae23d583
MISC https://lists.debian.org/debian-lts-announce/2023/04/msg00030.html
MISC https://www.debian.org/security/2023/dsa-5413

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:sniproxy_project:sniproxy:0.6.1:*:*:*:*:*:*:* sniproxy == None == 0.6.1
cpe:2.3:a:sniproxy_project:sniproxy:0.6.0-2:*:*:*:*:*:*:* sniproxy == None == 0.6.0-2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
sniproxy edge-community 0.6.1-r0 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
sniproxy 3.18-community 0.6.1-r0 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
sniproxy 3.19-community 0.6.1-r0 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable
sniproxy 3.20-community 0.6.1-r0 Leonardo Arena <rnalrd@alpinelinux.org> possibly vulnerable