Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-43644: Improper authentication in the SOCKS inbound

Sing-box is an open source proxy system. Affected versions are subject to an authentication bypass when specially crafted requests are sent to sing-box. This affects all SOCKS5 inbounds with user authentication and an attacker may be able to bypass authentication. Users are advised to update to sing-box 1.4.4 or to 1.5.0-rc.4. Users unable to update should not expose the SOCKS5 inbound to insecure environments.

CVE
Open in Source
#vulnerability#git#auth

Package

gomod github.com/sagernet/sing-box (Go)

Affected versions

< 1.5.0-rc.5

Description

Impact

This vulnerability allows specially crafted requests to bypass authentication, affecting all SOCKS inbounds with user authentication.

Patches

Update to sing-box 1.4.5 or 1.5.0-rc.5 and later versions.

Workarounds

Don’t expose the SOCKS5 inbound to insecure environments.

Related news

GHSA-r5hm-mp3j-285g: sing-box vulnerable to improper authentication in the SOCKS inbound

### Impact This vulnerability allows specially crafted requests to bypass authentication, affecting all SOCKS inbounds with user authentication. ### Patches Update to sing-box 1.4.5 or 1.5.0-rc.5 and later versions. ### Workarounds Don't expose the SOCKS5 inbound to insecure environments.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE