{"vulnerability": "CVE-2023-43644", "sightings": [{"uuid": "a3122a20-5ac2-41ea-8e2a-304fc33e66da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-43644", "type": "seen", "source": "https://t.me/cibsecurity/71020", "content": "\u203c CVE-2023-43644 \u203c\n\nSing-box is an open source proxy system. Affected versions are subject to an authentication bypass when specially crafted requests are sent to sing-box. This affects all SOCKS5 inbounds with user authentication and an attacker may be able to bypass authentication. Users are advised to update to sing-box 1.4.4 or to 1.5.0-rc.4. Users unable to update should not expose the SOCKS5 inbound to insecure environments.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-26T00:34:33.000000Z"}]}