CVE-2022-41317

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-41317
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41317.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-41317
Downstream
Related
Published
2022-12-25T19:15:10Z
Modified
2025-10-21T07:14:39.455461Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.

References

Affected packages

Git / github.com/squid-cache/squid

Affected ranges

Type
GIT
Repo
https://github.com/squid-cache/squid
Events
Introduced
1521895e24671463bf590cabcdbd2acf637ed2c1
Fixed
5bb2694408e7a42897e9efe775361579d8864de8

Affected versions

Other

SQUID_5_0_6
SQUID_5_0_7
SQUID_5_1
SQUID_5_2
SQUID_5_3
SQUID_5_4_1
SQUID_5_5
SQUID_5_6

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/squid-cache/squid/commit/5bb2694408e7a42897e9efe775361579d8864de8",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "src/ssl/support.cc"
        },
        "id": "CVE-2022-41317-0a2a77c1",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "157750309172091702582925428005493227867",
                "218881333121098214655110636846154953560",
                "206051021408544867493777671469714873892",
                "70933281598196939590700626067890505816",
                "237286626667678540720639229716632419352",
                "12908433598266290249320675408114387116",
                "185234433191157783139533113985827305669",
                "91207162898924998580933656119642315529",
                "12830155845411348948611201853498301870",
                "98043717554064422388750680731084828886"
            ]
        }
    },
    {
        "source": "https://github.com/squid-cache/squid/commit/5bb2694408e7a42897e9efe775361579d8864de8",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "Ssl::Initialize",
            "file": "src/ssl/support.cc"
        },
        "id": "CVE-2022-41317-1f50be07",
        "signature_type": "Function",
        "digest": {
            "length": 2417.0,
            "function_hash": "188390915243848524858308343346591833357"
        }
    },
    {
        "source": "https://github.com/squid-cache/squid/commit/5bb2694408e7a42897e9efe775361579d8864de8",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "src/security/ServerOptions.cc"
        },
        "id": "CVE-2022-41317-f2e2486f",
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "284090572366065137028192422215588986250",
                "19951007384723126726267253642941680731",
                "156669495693973190387507273863492603738",
                "301758475509959629984069537199932148530",
                "97161342785240974768606456605877618890",
                "169523640118712761496248132354948595410",
                "167510253363874404944685795350416904550",
                "135929239310644637345597208847357782135"
            ]
        }
    }
]