CVE-2022-41317
First published: Sun Dec 25 2022(Updated: )
An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Squid-Cache Squid | >=4.9<=4.17 | |
| Squid-Cache Squid | >=5.0.6<5.7 | |
| debian/squid | 4.13-10+deb11u3 5.7-2+deb12u2 6.12-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch
- http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch
- https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq
- https://www.openwall.com/lists/oss-security/2022/09/23/1
- https://launchpad.net/bugs/cve/CVE-2022-41317
- https://security-tracker.debian.org/tracker/CVE-2022-41317
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41317
- https://nvd.nist.gov/vuln/detail/CVE-2022-41317
- https://ubuntu.com/security/CVE-2022-41317
Frequently Asked Questions
What is the vulnerability ID for this issue in Squid?
The vulnerability ID for this issue in Squid is CVE-2022-41317.
What is the severity of CVE-2022-41317?
The severity of CVE-2022-41317 is medium with a CVSS score of 6.5.
What is the affected software for CVE-2022-41317?
The affected software for CVE-2022-41317 is Squid versions 4.9 through 4.17 and 5.0.6 through 5.6.
How can I fix CVE-2022-41317?
To fix CVE-2022-41317, update your Squid installation to version 5.7 or higher.
Where can I find more information about CVE-2022-41317?
You can find more information about CVE-2022-41317 on the Squid-cache website and the GitHub Security Advisory.
- collector/nvd-index
- agent/type
- agent/remedy
- agent/weakness
- agent/severity
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/tags
- agent/event
- agent/first-publish-date
- agent/description
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- agent/last-modified-date
- agent/trending
- vendor/squid-cache
- canonical/squid-cache squid
- version/squid-cache squid/4.9
- version/squid-cache squid/4.17
- version/squid-cache squid/5.0.6
- package-manager/debian