ByteOS Network

Vulnerability Details :

CVE-2022-41317

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-25 Dec, 2022 | 00:00

Updated At-14 Apr, 2025 | 18:34

An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:25 Dec, 2022 | 00:00

Updated At:14 Apr, 2025 | 18:34

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq	N/A
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch	N/A
http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch	N/A
https://www.openwall.com/lists/oss-security/2022/09/23/1	N/A

Hyperlink: https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq

Resource: N/A

Hyperlink: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch

Resource: N/A

Hyperlink: http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch

Resource: N/A

Hyperlink: https://www.openwall.com/lists/oss-security/2022/09/23/1

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq	x_transferred
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch	x_transferred
http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch	x_transferred
https://www.openwall.com/lists/oss-security/2022/09/23/1	x_transferred

Hyperlink: https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq

Resource:

x_transferred

Hyperlink: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch

Resource:

x_transferred

Hyperlink: http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch

Resource:

x_transferred

Hyperlink: https://www.openwall.com/lists/oss-security/2022/09/23/1

Resource:

x_transferred

2. CISA ADP Vulnrichment

Problem Types

Type	CWE ID	Description
CWE	CWE-697	CWE-697 Incorrect Comparison

Type: CWE

CWE ID: CWE-697

Description: CWE-697 Incorrect Comparison

Metrics

Version	Base score	Base severity	Vector
3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:25 Dec, 2022 | 19:15

Updated At:14 Apr, 2025 | 19:15

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Type: Primary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CPE Matches

Squid Cache

>>squid>>Versions from 4.9(inclusive) to 4.17(inclusive)

cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*

Squid Cache

>>squid>>Versions from 5.0.6(inclusive) to 5.7(exclusive)

cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-697	Primary	nvd@nist.gov
CWE-697	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-697

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-697

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch	cve@mitre.org	Patch Vendor Advisory
http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch	cve@mitre.org	Patch Vendor Advisory
https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq	cve@mitre.org	Mitigation Patch Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/09/23/1	cve@mitre.org	Mailing List Mitigation Patch Third Party Advisory
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq	af854a3a-2127-422b-91ae-364da2661108	Mitigation Patch Third Party Advisory
https://www.openwall.com/lists/oss-security/2022/09/23/1	af854a3a-2127-422b-91ae-364da2661108	Mailing List Mitigation Patch Third Party Advisory

Hyperlink: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch

Source: cve@mitre.org

Resource:

Patch

Vendor Advisory

Hyperlink: http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch

Source: cve@mitre.org

Resource:

Patch

Vendor Advisory

Hyperlink: https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq

Source: cve@mitre.org

Resource:

Mitigation

Patch

Third Party Advisory

Hyperlink: https://www.openwall.com/lists/oss-security/2022/09/23/1

Source: cve@mitre.org

Resource:

Mailing List

Mitigation

Patch

Third Party Advisory

Hyperlink: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Patch

Vendor Advisory

Hyperlink: http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Patch

Vendor Advisory

Hyperlink: https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Mitigation

Patch

Third Party Advisory

Hyperlink: https://www.openwall.com/lists/oss-security/2022/09/23/1

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Mailing List

Mitigation

Patch

Third Party Advisory

Similar CVEs

3Records found

CVE-2016-10003

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-1.08% / 78.17%

7 Day CHG-0.67%

Published-27 Jan, 2017 | 17:00

Updated-13 May, 2026 | 00:24

Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.

Vendor-n/a Squid Cache

Product-squid n/a

CWE ID-CWE-697

Incorrect Comparison

CVE-2020-15811

Matching Score-6

Assigner-MITRE Corporation

View Details

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-6.5||MEDIUM

EPSS-0.18% / 40.04%

7 Day CHG~0.00%

Published-02 Sep, 2020 | 16:35

Updated-04 Aug, 2024 | 13:30

An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due to incorrect data validation, HTTP Request Splitting attacks may succeed against HTTP and HTTPS traffic. This leads to cache poisoning. This allows any client, including browser scripts, to bypass local security and poison the browser cache and any downstream caches with content from an arbitrary source. Squid uses a string search instead of parsing the Transfer-Encoding header to find chunked encoding. This allows an attacker to hide a second request inside Transfer-Encoding: it is interpreted by Squid as chunked and split out into a second request delivered upstream. Squid will then deliver two distinct responses to the client, corrupting any downstream caches.

Vendor-n/a openSUSE Squid Cache Canonical Ltd.Debian GNU/Linux Fedora Project

Product-ubuntu_linux debian_linux squid fedora leap n/a

CWE ID-CWE-697

Incorrect Comparison

CVE-2022-34366

Matching Score-4

Assigner-Dell

View Details

Matching Score-4

Assigner-Dell

CVSS Score-6.5||MEDIUM

EPSS-0.10% / 26.40%

7 Day CHG~0.00%

Published-10 Feb, 2023 | 19:18

Updated-24 Mar, 2025 | 18:38

Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.

Vendor-Dell Inc.

Product-supportassist_for_home_pcs SupportAssist Client Consumer

CWE ID-CWE-942

Permissive Cross-domain Policy with Untrusted Domains

CWE ID-CWE-697

Incorrect Comparison

CVE-2022-41317

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs