CVE-2022-41317

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-41317
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41317.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-41317
Downstream
Related
Published
2022-12-25T19:15:10.767Z
Modified
2026-03-15T21:45:01.881914Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.

References

Affected packages

Git / github.com/squid-cache/squid

Affected ranges

Type
GIT
Repo
https://github.com/squid-cache/squid
Events
Introduced
69be6ba1bcc88ff9b75b526e936a4bae23f05bea
Last affected
874e8b4ca0342a1c399ddadc1cf6998590fa46a6
Introduced
1521895e24671463bf590cabcdbd2acf637ed2c1
Fixed
5bb2694408e7a42897e9efe775361579d8864de8
Database specific 
{
    "versions": [
        {
            "introduced": "4.9"
        },
        {
            "last_affected": "4.17"
        },
        {
            "introduced": "5.0.6"
        },
        {
            "fixed": "5.7"
        }
    ]
}

Affected versions

Other
SQUID_4_10
SQUID_4_11
SQUID_4_12
SQUID_4_13
SQUID_4_14
SQUID_4_15
SQUID_4_16
SQUID_4_17
SQUID_4_9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41317.json"
vanir_signatures 
[
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "157750309172091702582925428005493227867",
                "218881333121098214655110636846154953560",
                "206051021408544867493777671469714873892",
                "70933281598196939590700626067890505816",
                "237286626667678540720639229716632419352",
                "12908433598266290249320675408114387116",
                "185234433191157783139533113985827305669",
                "91207162898924998580933656119642315529",
                "12830155845411348948611201853498301870",
                "98043717554064422388750680731084828886"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/squid-cache/squid/commit/5bb2694408e7a42897e9efe775361579d8864de8",
        "id": "CVE-2022-41317-0a2a77c1",
        "target": {
            "file": "src/ssl/support.cc"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "digest": {
            "function_hash": "188390915243848524858308343346591833357",
            "length": 2417.0
        },
        "source": "https://github.com/squid-cache/squid/commit/5bb2694408e7a42897e9efe775361579d8864de8",
        "id": "CVE-2022-41317-1f50be07",
        "target": {
            "file": "src/ssl/support.cc",
            "function": "Ssl::Initialize"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "284090572366065137028192422215588986250",
                "19951007384723126726267253642941680731",
                "156669495693973190387507273863492603738",
                "301758475509959629984069537199932148530",
                "97161342785240974768606456605877618890",
                "169523640118712761496248132354948595410",
                "167510253363874404944685795350416904550",
                "135929239310644637345597208847357782135"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/squid-cache/squid/commit/5bb2694408e7a42897e9efe775361579d8864de8",
        "id": "CVE-2022-41317-f2e2486f",
        "target": {
            "file": "src/security/ServerOptions.cc"
        }
    }
]