CVE-2019-12527

Published: 12 Jul 2019
Source: redhat
CVSS3: 7.5
EPSS: Medium

Description

An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.

A flaw was discovered in Squid versions 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data but does not check that the decoded length is not greater than the buffer. This flaw leads to a heap-based buffer overflow with user-controlled data.
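The missing length check described above, as an added example (not Squid's code and not part of the original advisory): a Base64 decoder for a Basic credentials token that computes the decoded length first and rejects input that would not fit a fixed-size buffer. The names `decode_basic_token`, `b64val`, `decode_buf` and `DECODE_BUF_SZ` are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define DECODE_BUF_SZ 64            /* hypothetical size of the fixed buffer */
char decode_buf[DECODE_BUF_SZ];     /* shared decode buffer, as in the flaw */

/* Map one Base64 character to its 6-bit value, or -1 if it is not valid. */
static int b64val(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode a padded Base64 token into out[cap], NUL-terminated. Returns the
 * decoded length, or -1 if the token is malformed or the decoded data plus
 * the terminator would not fit in the buffer. */
long decode_basic_token(const char *tok, char *out, size_t cap)
{
    size_t n = strlen(tok), pad = 0, need, o = 0;

    if (n == 0 || n % 4 != 0) return -1;
    if (tok[n - 1] == '=') pad = (tok[n - 2] == '=') ? 2 : 1;
    need = n / 4 * 3 - pad;
    /* The bound check: reject before a single byte is written. */
    if (cap == 0 || need > cap - 1) return -1;

    for (size_t i = 0; i < n; i += 4) {
        int v[4];
        for (int k = 0; k < 4; k++) {
            int is_pad = (i + k >= n - pad);   /* trailing '=' positions */
            v[k] = is_pad ? 0 : b64val((unsigned char)tok[i + k]);
            if (v[k] < 0) return -1;           /* invalid or misplaced char */
        }
        unsigned long w = ((unsigned long)v[0] << 18) | (v[1] << 12) | (v[2] << 6) | v[3];
        if (o < need) out[o++] = (char)(w >> 16);
        if (o < need) out[o++] = (char)(w >> 8);
        if (o < need) out[o++] = (char)w;
    }
    out[o] = '\0';
    return (long)o;
}
```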

Mitigation

Deny ftp:// protocol URLs being proxied and Cache Manager report access to all clients:

    acl FTP proto FTP
    http_access deny FTP
    http_access deny manager

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | squid | Not affected | | |
| Red Hat Enterprise Linux 6 | squid | Not affected | | |
| Red Hat Enterprise Linux 6 | squid34 | Not affected | | |
| Red Hat Enterprise Linux 7 | squid | Not affected | | |
| Red Hat Enterprise Linux 8 | squid | Fixed | RHSA-2019:2593 | 03.09.2019 |


Additional information

Status: Important
Defect: CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1730533 squid: heap-based buffer overflow in HttpHeader::getAuth

EPSS

Percentile: 94%
0.15907
Medium

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 8.8
ubuntu
almost 6 years ago

An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.

CVSS3: 8.8
nvd
almost 6 years ago

An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.

CVSS3: 8.8
debian
almost 6 years ago

An issue was discovered in Squid 4.0.23 through 4.7. When checking Bas ...

rocky
almost 6 years ago

Important: squid:4 security update

CVSS3: 8.8
github
about 3 years ago

An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.