Your submission was sent successfully! Close

CVE-2019-12527

Published: 11 July 2019

An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
squid
Launchpad, Ubuntu, Debian
bionic Does not exist

cosmic Ignored
(reached end-of-life)
disco
Released (4.4-1ubuntu2.2)
precise Does not exist

trusty Does not exist

upstream
Released (4.8)
xenial Does not exist

squid3
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
cosmic Does not exist

disco Does not exist

precise Not vulnerable
(code not present)
trusty Does not exist

upstream Needed

xenial Not vulnerable
(code not present)