exploitDog

CVE-2019-12527

Published: 11 Jul 2019
Source: debian

Description

An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.

Packages

| Package | Status | Fixed version | Release | Type |
| squid | fixed | 4.8-1 | | package |
| squid3 | not-affected | | | package |

Notes

  • http://www.squid-cache.org/Advisories/SQUID-2019_5.txt

  • http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch

  • The code in squid 3.x limits the amount of input data decoded to one byte less than the length of the target buffer, whilst in 4.x the entire input is decoded without regard for the size of the target buffer.
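
The difference described in the last note is whether the decoder checks the decoded length against the target buffer before writing. The following is an added example, not Squid's code and not taken from the linked patch (the function names are hypothetical): a base64 decoder that rejects any input whose decoded form, plus a terminating NUL, would not fit.

```c
#include <stddef.h>

/* Map one base64 character to its 6-bit value, or -1 if it is not in the alphabet. */
static int b64_val(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/*
 * Hypothetical helper: decode in_len base64 characters from `in` into `out`.
 * Returns the decoded length, or -1 if the input is malformed or the result
 * would need more than out_size - 1 bytes (one byte is kept for the NUL).
 */
long bounded_b64_decode(const char *in, size_t in_len,
                        unsigned char *out, size_t out_size) {
    size_t pad = 0, o = 0;
    if (out_size == 0 || in_len % 4 != 0) return -1;
    if (in_len >= 4 && in[in_len - 1] == '=') {
        pad = 1;
        if (in[in_len - 2] == '=') pad = 2;
    }
    /* The exact decoded size is known before any byte is written. */
    size_t need = in_len / 4 * 3 - pad;
    if (need > out_size - 1) return -1;
    for (size_t i = 0; i < in_len; i += 4) {
        unsigned int acc = 0;
        int last = (i + 4 == in_len);
        for (int k = 0; k < 4; k++) {
            unsigned char c = (unsigned char)in[i + k];
            int v;
            if (c == '=' && last && k >= 4 - (int)pad) v = 0; /* trailing padding */
            else if ((v = b64_val(c)) < 0) return -1;          /* bad character */
            acc = (acc << 6) | (unsigned int)v;
        }
        size_t n = last ? 3 - pad : 3;
        for (size_t k = 0; k < n; k++)
            out[o++] = (unsigned char)(acc >> (16 - 8 * k));
    }
    out[o] = '\0';
    return (long)o;
}
```
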

Related vulnerabilities

CVSS3: 8.8
ubuntu
almost 6 years ago

An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.

CVSS3: 7.5
redhat
almost 6 years ago

An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.

CVSS3: 8.8
nvd
almost 6 years ago

An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.

rocky
almost 6 years ago

Important: squid:4 security update

CVSS3: 8.8
github
about 3 years ago

An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.