9.8

CVE-2023-43644

Sing-box is an open source proxy system. Affected versions are subject to an authentication bypass when specially crafted requests are sent to sing-box. This affects all SOCKS5 inbounds with user authentication and an attacker may be able to bypass authentication. Users are advised to update to sing-box 1.4.4 or to 1.5.0-rc.4. Users unable to update should not expose the SOCKS5 inbound to insecure environments.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SagernetSing-box Version < 1.4.5
SagernetSing-box Version1.5.0 Updatebeta1
SagernetSing-box Version1.5.0 Updatebeta10
SagernetSing-box Version1.5.0 Updatebeta11
SagernetSing-box Version1.5.0 Updatebeta12
SagernetSing-box Version1.5.0 Updatebeta2
SagernetSing-box Version1.5.0 Updatebeta3
SagernetSing-box Version1.5.0 Updatebeta4
SagernetSing-box Version1.5.0 Updatebeta5
SagernetSing-box Version1.5.0 Updatebeta6
SagernetSing-box Version1.5.0 Updatebeta7
SagernetSing-box Version1.5.0 Updatebeta8
SagernetSing-box Version1.5.0 Updatebeta9
SagernetSing-box Version1.5.0 Updaterc1
SagernetSing-box Version1.5.0 Updaterc2
SagernetSing-box Version1.5.0 Updaterc3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.392
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com 9.1 3.9 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.