Source: sniproxy
Version: 0.6.0-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for sniproxy.

CVE-2023-25076[0]:
| A buffer overflow vulnerability exists in the handling of wildcard
| backend hosts of SNIProxy 0.6.0-2 and the master branch (commit:
| 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP,
| TLS or DTLS packet can lead to arbitrary code execution. An attacker
| could send a malicious packet to trigger this vulnerability.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-25076
    https://www.cve.org/CVERecord?id=CVE-2023-25076
[1] https://talosintelligence.com/vulnerability_reports/TALOS-2023-1731
[2] https://github.com/dlundquist/sniproxy/commit/f8d9a433fe22ab2fa15c00179048ab02ae23d583

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore