Description
A buffer over-read was discovered in libntlmauth in Squid 2.5 through 5.6. Due to incorrect integer-overflow protection, the SSPI and SMB authentication helpers are vulnerable to reading unintended memory locations. In some configurations, cleartext credentials from these locations are sent to a client. This is fixed in 5.7.