Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2019-12527

Published: 11 July 2019

An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.

Notes

AuthorNote
mdeslaur
code in 3.5 is different and doesn't look vulnerable.

Priority

Medium

Cvss 3 Severity Score

8.8

Score breakdown

Status

Package Release Status
squid
Launchpad, Ubuntu, Debian
bionic Does not exist

cosmic Ignored
(reached end-of-life)
disco
Released (4.4-1ubuntu2.2)
trusty Does not exist

upstream
Released (4.8)
xenial Does not exist

Patches:
upstream: https://github.com/squid-cache/squid/commit/2582f64a7a33577cd31a82f34da95f3c6e4f5415 (master)
upstream: https://github.com/squid-cache/squid/commit/7f73e9c5d17664b882ed32590e6af310c247f320 (4.x)
squid3
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
cosmic Does not exist

disco Does not exist

upstream Needed

xenial Not vulnerable
(code not present)

Severity score breakdown

Parameter Value
Base score 8.8
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H