CVE-2022-41317

An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.

References

Affected packages

Git / github.com/squid-cache/squid

Affected ranges

Type

GIT

Repo

https://github.com/squid-cache/squid

Events

Introduced

69be6ba1bcc88ff9b75b526e936a4bae23f05bea

Last affected

874e8b4ca0342a1c399ddadc1cf6998590fa46a6

Introduced

1521895e24671463bf590cabcdbd2acf637ed2c1

Fixed

5bb2694408e7a42897e9efe775361579d8864de8

Database specific

{
    "versions": [
        {
            "introduced": "4.9"
        },
        {
            "last_affected": "4.17"
        },
        {
            "introduced": "5.0.6"
        },
        {
            "fixed": "5.7"
        }
    ]
}

Affected versions

Other

SQUID_4_10

SQUID_4_11

SQUID_4_12

SQUID_4_13

SQUID_4_14

SQUID_4_15

SQUID_4_16

SQUID_4_17

SQUID_4_9

SQUID_5_0_6

SQUID_5_0_7

SQUID_5_1

SQUID_5_2

SQUID_5_3

SQUID_5_4_1

SQUID_5_5

SQUID_5_6

Database specific

vanir_signatures_modified

"2026-04-12T03:22:17Z"

vanir_signatures

[
    {
        "id": "CVE-2022-41317-0a2a77c1",
        "deprecated": false,
        "source": "https://github.com/squid-cache/squid/commit/5bb2694408e7a42897e9efe775361579d8864de8",
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "src/ssl/support.cc"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "157750309172091702582925428005493227867",
                "218881333121098214655110636846154953560",
                "206051021408544867493777671469714873892",
                "70933281598196939590700626067890505816",
                "237286626667678540720639229716632419352",
                "12908433598266290249320675408114387116",
                "185234433191157783139533113985827305669",
                "91207162898924998580933656119642315529",
                "12830155845411348948611201853498301870",
                "98043717554064422388750680731084828886"
            ]
        }
    },
    {
        "id": "CVE-2022-41317-1f50be07",
        "deprecated": false,
        "source": "https://github.com/squid-cache/squid/commit/5bb2694408e7a42897e9efe775361579d8864de8",
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "function": "Ssl::Initialize",
            "file": "src/ssl/support.cc"
        },
        "digest": {
            "function_hash": "188390915243848524858308343346591833357",
            "length": 2417.0
        }
    },
    {
        "id": "CVE-2022-41317-f2e2486f",
        "deprecated": false,
        "source": "https://github.com/squid-cache/squid/commit/5bb2694408e7a42897e9efe775361579d8864de8",
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "src/security/ServerOptions.cc"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "284090572366065137028192422215588986250",
                "19951007384723126726267253642941680731",
                "156669495693973190387507273863492603738",
                "301758475509959629984069537199932148530",
                "97161342785240974768606456605877618890",
                "169523640118712761496248132354948595410",
                "167510253363874404944685795350416904550",
                "135929239310644637345597208847357782135"
            ]
        }
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-41317.json"