vulnerability
Red Hat: CVE-2022-41318: buffer-over-read in SSPI and SMB authentication (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:C/I:N/A:N) | Oct 4, 2022 | Oct 20, 2022 | Mar 27, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:C/I:N/A:N)
Published
Oct 4, 2022
Added
Oct 20, 2022
Modified
Mar 27, 2026
Description
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.
Solutions
redhat-upgrade-libecapredhat-upgrade-libecap-debuginforedhat-upgrade-libecap-debugsourceredhat-upgrade-libecap-develredhat-upgrade-squidredhat-upgrade-squid-debuginforedhat-upgrade-squid-debugsourceredhat-upgrade-squid-migration-scriptredhat-upgrade-squid-sysvinit
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.