CVE-2023-43644 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2023-43644

CVE-2023-43644

September 25, 2023

Sing-box is an open source proxy system. Affected versions are subject to an authentication bypass when specially crafted requests are sent to sing-box. This affects all SOCKS5 inbounds with user authentication and an attacker may be able to bypass authentication. Users are advised to update to sing-box 1.4.4 or to 1.5.0-rc.4. Users unable to update should not expose the SOCKS5 inbound to insecure environments.

Related Resources (6)

https://github.com/SagerNet/sing/commit/5b05b5c147d9650e8accb4441e216c72a61f4859

https://nvd.nist.gov/vuln/detail/CVE-2023-43644

https://github.com/SagerNet/sing-box

https://github.com/SagerNet/sing-box/commit/9891fd672f5da9f20f59a1693271a946727f49e2

https://github.com/SagerNet/sing-box/security/advisories/GHSA-r5hm-mp3j-285g

https://github.com/SagerNet/sing-box/releases/tag/v1.4.5

Do you need more information?

CVSS v4

Base Score:

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

NONE

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

HIGH

Weakness Type (CWE)

Missing Authentication for Critical Function

CWE-306

EPSS

Base Score:

0.17

Products

Solutions

Resources

Company

Compare

Developer Tools