Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-r5hm-mp3j-285g: sing-box vulnerable to improper authentication in the SOCKS inbound

Impact

This vulnerability allows specially crafted requests to bypass authentication, affecting all SOCKS inbounds with user authentication.

Patches

Update to sing-box 1.4.5 or 1.5.0-rc.5 and later versions.

Workarounds

Don’t expose the SOCKS5 inbound to insecure environments.

ghsa
Open in Source
#vulnerability#git#auth

sing-box vulnerable to improper authentication in the SOCKS inbound

Critical severity GitHub Reviewed Published Sep 25, 2023 in SagerNet/sing-box • Updated Sep 26, 2023

Related news

CVE-2023-43644: Improper authentication in the SOCKS inbound

Sing-box is an open source proxy system. Affected versions are subject to an authentication bypass when specially crafted requests are sent to sing-box. This affects all SOCKS5 inbounds with user authentication and an attacker may be able to bypass authentication. Users are advised to update to sing-box 1.4.4 or to 1.5.0-rc.4. Users unable to update should not expose the SOCKS5 inbound to insecure environments.

ghsa: Latest News

GHSA-mm6v-68qp-f9fw: Crayfish allows Remote Code Execution via Homarus Authorization header
ghsa