PT-2023-28895 · Sing-Box · Sing-Box

Nekohasekai

Publicado

2023-09-25

Atualizado

2023-10-02

CVE-2023-43644

CVSS v3.1

9.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Sing-box versions prior to 1.4.4 Sing-box versions prior to 1.5.0-rc.4

Description The issue affects all SOCKS5 inbounds with user authentication in Sing-box, allowing an attacker to bypass authentication when specially crafted requests are sent. Users unable to update should not expose the SOCKS5 inbound to insecure environments.

Recommendations Update to sing-box 1.4.4 or to 1.5.0-rc.4 to resolve the issue. As a temporary workaround, do not expose the SOCKS5 inbound to insecure environments.

Exploit

Correção

Missing Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-306

Identificadores relacionados

CVE-2023-43644

GHSA-R5HM-MP3J-285G

GO-2023-2077

Produtos afetados

Sing-Box

PT-2023-28895 · Sing-Box · Sing-Box

CVE-2023-43644

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 14