Vulnerability Description
A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP or TLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to trigger this vulnerability.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sniproxy Project | Sniproxy | 0.6.0-2 |
Related Weaknesses (CWE)
References
- https://github.com/dlundquist/sniproxy/commit/f8d9a433fe22ab2fa15c00179048ab02aePatch
- https://lists.debian.org/debian-lts-announce/2023/04/msg00030.html
- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1731ExploitMitigationThird Party Advisory
- https://www.debian.org/security/2023/dsa-5413
- https://github.com/dlundquist/sniproxy/commit/f8d9a433fe22ab2fa15c00179048ab02aePatch
- https://lists.debian.org/debian-lts-announce/2023/04/msg00030.html
- https://talosintelligence.com/vulnerability_reports/TALOS-2023-1731ExploitMitigationThird Party Advisory
- https://www.debian.org/security/2023/dsa-5413
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1731
FAQ
What is CVE-2023-25076?
CVE-2023-25076 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP ...
How severe is CVE-2023-25076?
CVE-2023-25076 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-25076?
Check the references section above for vendor advisories and patch information. Affected products include: Sniproxy Project Sniproxy.