Advisories » MGASA-2023-0178

Updated sniproxy packages fix security vulnerability

Publication date: 21 May 2023
Modification date: 21 May 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-25076

Description

A buffer overflow vulnerability exists in the handling of wildcard backend
hosts of SNIProxy. A specially crafted HTTP or TLS packet can lead to
arbitrary code execution. An attacker could send a malicious packet to
trigger this vulnerability. (CVE-2023-25076)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=31879
• https://www.debian.org/lts/security/2023/dla-3406
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25076

SRPMS

8/core

• sniproxy-0.6.1-1.mga8