Количество 13
Количество 13
GHSA-99gm-2796-7c8p
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages.
CVE-2019-12529
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages.
CVE-2019-12529
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages.
CVE-2019-12529
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages.
CVE-2019-12529
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through ...
BDU:2020-01848
Уязвимость прокси-сервера Squid, связанная с отсутствием защиты служебных данных, позволяющая нарушителю раскрыть защищаемую информацию
SUSE-SU-2019:2089-1
Security update for squid
openSUSE-SU-2019:2541-1
Security update for squid
openSUSE-SU-2019:2540-1
Security update for squid
SUSE-SU-2019:2975-1
Security update for squid
RLSA-2020:4743
Moderate: squid:4 security, bug fix, and enhancement update
ELSA-2020-4743
ELSA-2020-4743: squid:4 security, bug fix, and enhancement update (MODERATE)
SUSE-SU-2020:14460-1
Security update for squid3
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-99gm-2796-7c8p An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages. | CVSS3: 5.9 | 18% Средний | около 3 лет назад |
 | CVE-2019-12529 An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages. | CVSS3: 5.9 | 18% Средний | почти 6 лет назад |
 | CVE-2019-12529 An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages. | CVSS3: 4.3 | 18% Средний | почти 6 лет назад |
 | CVE-2019-12529 An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages. | CVSS3: 5.9 | 18% Средний | почти 6 лет назад |
| CVE-2019-12529 An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through ... | CVSS3: 5.9 | 18% Средний | почти 6 лет назад |
 | BDU:2020-01848 Уязвимость прокси-сервера Squid, связанная с отсутствием защиты служебных данных, позволяющая нарушителю раскрыть защищаемую информацию | CVSS3: 5.9 | 18% Средний | почти 6 лет назад |
 | SUSE-SU-2019:2089-1 Security update for squid | почти 6 лет назад | ||
| openSUSE-SU-2019:2541-1 Security update for squid | больше 5 лет назад | ||
| openSUSE-SU-2019:2540-1 Security update for squid | больше 5 лет назад | ||
| SUSE-SU-2019:2975-1 Security update for squid | больше 5 лет назад | ||
 | RLSA-2020:4743 Moderate: squid:4 security, bug fix, and enhancement update | больше 4 лет назад | ||
| ELSA-2020-4743 ELSA-2020-4743: squid:4 security, bug fix, and enhancement update (MODERATE) | больше 4 лет назад | ||
| SUSE-SU-2020:14460-1 Security update for squid3 | почти 5 лет назад |
Уязвимостей на страницу