yrutschle sslh Improper Link Resolution Vulnerability

Vulnerability

A vulnerability has been identified in yrutschle sslh versions prior to 2.2.2, related to improper link resolution before file access, commonly known as a 'link following' vulnerability. The issue is in the 'write_pid_file()' function, which was copied from the Unbound DNS resolver without a crucial security patch. The vulnerability could potentially be exploited to interfere with PID file management, especially if sslh is run by a user with limited privileges.
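The link-following pattern and one common mitigation, as an added example that is not sslh or Unbound source code. The function names are hypothetical, and the fopen()-based "before" form is an assumed illustration of the bug class, not the project's actual function body.

```c
/* Added illustration; helper names are hypothetical, not sslh or Unbound code. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Link-following pattern: fopen() resolves a symlink planted at `path`, so
 * the open truncates and rewrites whatever file the link points to. */
int write_pid_file_following(const char *path, pid_t pid)
{
    FILE *f = fopen(path, "w");
    if (f == NULL)
        return -1;
    fprintf(f, "%d\n", (int)pid);
    return fclose(f) == 0 ? 0 : -1;
}

/* Hardened pattern: O_NOFOLLOW makes open() fail when the last path
 * component is a symlink. No O_TRUNC: the file is truncated only after
 * fstat() on the descriptor confirms it is a regular file. */
int write_pid_file_nofollow(const char *path, pid_t pid)
{
    char buf[32];
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC, 0644);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || ftruncate(fd, 0) != 0) {
        close(fd);
        return -1;
    }
    int len = snprintf(buf, sizeof buf, "%d\n", (int)pid);
    ssize_t n = write(fd, buf, (size_t)len);
    if (close(fd) != 0 || n != (ssize_t)len)
        return -1;
    return 0;
}
```

O_NOFOLLOW only covers the final path component, so the directory holding the PID file should still be writable only by a trusted user.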

Impact

Exploitation of this vulnerability could lead to unintended interference with PID file management, potentially causing issues with how sslh manages its processes.

Remediation

Users can upgrade to sslh version 2.2.3 or later, which includes the necessary fix for this vulnerability.

Added: Jun 23, 2025, 10:26 AM
Updated: Jun 23, 2025, 10:26 AM

Vulnerability Rating

Custom Algorithm
spread: 2.2
impact: 7.5
exploitability: 4.0
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 5.7
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.