VYPR
Unrated severity · NVD Advisory · Published Mar 30, 2023 · Updated Mar 5, 2025

CVE-2023-25076

Description

A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP or TLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to trigger this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A buffer overflow in SNIProxy's handling of wildcard backend hosts allows remote code execution via crafted HTTP or TLS packets.

Vulnerability

A buffer overflow vulnerability exists in the new_address() function of SNIProxy when parsing hostnames for wildcard backend hosts. Affected versions are SNIProxy 0.6.0-2 and the master branch at commit 822bb80df9b7b345cc9eba55df74a07b498819ba [1]. The overflow occurs during the processing of hostnames obtained from HTTP Host headers or TLS SNI extensions when a wildcard backend is configured [1].

Exploitation

An attacker can trigger this vulnerability by sending a specially crafted HTTP or TLS packet containing a malicious hostname to an SNIProxy instance configured with a wildcard backend [1]. No authentication is required; the attacker only needs network access to the proxy. The crafted hostname causes a buffer overflow in the new_address() function, leading to memory corruption [1].

Impact

Successful exploitation allows arbitrary code execution with the privileges of the SNIProxy process, potentially leading to full system compromise [1]. The CVSSv3 score is 9.8 (Critical) with impacts on confidentiality, integrity, and availability [1]. Denial of service is also possible [1].

Mitigation

The vulnerability is fixed in SNIProxy version 0.6.1, released on 2023-03-16 [2]. Users should upgrade to this version or later. No workarounds are documented in the available references. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
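
A check a defender could run against a deployment, as an added example that is not part of the advisory or of SNIProxy's own code: it flags table entries whose backend is a wildcard when the installed version predates 0.6.1. The `table { pattern target }` layout and the `*` / `*:port` wildcard form are assumed from SNIProxy's documented configuration format; the sample config and all function names are constructed here.

```python
import re

FIXED = (0, 6, 1)  # release the advisory above names as fixed
# Constructed sample; layout assumed from sniproxy's documented config format.
SAMPLE_CONF = r"""
listener 0.0.0.0:443 {
    protocol tls
    table https_hosts
}
table https_hosts {
    example.com 192.0.2.10:4343
    .*\.edu *:443    # wildcard backend: proxy to the name the client sent
    .*\.org *
}
"""

def parse_version(text):
    """Extract (major, minor, patch) from strings such as '0.6.0-2'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in m.groups())

def wildcard_backends(conf):
    """Return (line_no, table, pattern, target) for each wildcard backend."""
    findings, table = [], None          # table is None outside a table block
    for line_no, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if table is None:
            m = re.match(r"table(?:\s+([^\s{]+))?\s*\{$", line)
            if m:
                table = m.group(1) or "(default)"
        elif line == "}":
            table = None
        elif len(line.split()) >= 2:
            pattern, target = line.split()[:2]
            if target == "*" or target.startswith("*:"):
                findings.append((line_no, table, pattern, target))
    return findings

def exposed_entries(version_text, conf):
    """Wildcard backends matter only on builds older than the fixed release."""
    if parse_version(version_text) >= FIXED:
        return []
    return wildcard_backends(conf)

if __name__ == "__main__":
    for line_no, table, pattern, target in exposed_entries("0.6.0-2", SAMPLE_CONF):
        print(f"line {line_no}: table {table}: {pattern} -> {target}")
```

A build from the master branch carries no release number to compare, so identify it by commit rather than by this version test.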

References

4
