Description
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.
Release | Status | Note |
---|---|---|
bionic | DNE | |
cosmic | ignored | end of life |
devel | released | 4.6-2ubuntu4 |
disco | released | 4.4-1ubuntu2.2 |
esm-infra-legacy/trusty | DNE | |
precise/esm | DNE | |
trusty | ignored | end of standard support |
trusty/esm | DNE | |
upstream | released | 4.8 |
xenial | DNE | |
Release | Status | Note |
---|---|---|
bionic | not-affected | code not present |
cosmic | DNE | |
devel | DNE | |
disco | DNE | |
esm-infra-legacy/trusty | DNE | |
esm-infra/bionic | not-affected | code not present |
esm-infra/xenial | not-affected | code not present |
precise/esm | not-affected | code not present |
trusty/esm | DNE | |
upstream | needed | |
EPSS
CVSS2: 6.8 Medium
CVSS3: 8.8 High