PT-2019-5184 · Squid+7 · Squid+8
Jeriko One +1 · Published 2019-11-14 · Updated 2023-03-03 · CVE-2019-18676
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Squid versions 3.x through 4.8
Description
An issue was discovered due to incorrect input validation, resulting in a heap-based buffer overflow that can cause Denial of Service to all clients using the proxy. The severity is high because this issue occurs before normal security checks, allowing any remote client that can reach the proxy port to perform the attack via a crafted URI scheme.
Recommendations
For Squid versions 3.x through 4.8, update to a version later than 4.8 to resolve the issue.
As a temporary workaround, consider restricting access to the proxy port to minimize the risk of exploitation.
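The following triage helper is an added example, not part of the original advisory: it flags collected `squid -v` output or `Server`/`Via` header values whose upstream version falls in the range stated above (3.x through 4.8). The host names and banner strings are constructed samples; distribution packages may backport a fix without changing the upstream version, so a match is a prompt to check the vendor's own advisory.

```python
import re

# Matches the version in `squid -v` output ("Squid Cache: Version 4.8")
# and in Server/Via header values ("squid/3.5.27").
_VERSION_RE = re.compile(r"(?:squid/|Squid Cache: Version )(\d+)\.(\d+)", re.IGNORECASE)


def parse_squid_version(text):
    """Return (major, minor) as integers, or None if no Squid version is present."""
    match = _VERSION_RE.search(text)
    return (int(match.group(1)), int(match.group(2))) if match else None


def in_affected_range(version):
    """True for 3.x through 4.8, the range given in the advisory.

    Components are compared as integers, so 4.10 is correctly newer than 4.8
    (a plain string comparison would get this wrong).
    """
    major, minor = version
    return major == 3 or (major == 4 and minor <= 8)


def triage(banners):
    """Map each host to 'affected-range', 'outside-range' or 'unknown'."""
    result = {}
    for host, banner in banners.items():
        version = parse_squid_version(banner)
        if version is None:
            result[host] = "unknown"
        elif in_affected_range(version):
            result[host] = "affected-range"
        else:
            result[host] = "outside-range"
    return result


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = {
    "proxy-a": "Squid Cache: Version 4.8\nService Name: squid",
    "proxy-b": "Server: squid/3.5.27",
    "proxy-c": "Via: 1.1 proxy-c (squid/4.10)",
    "proxy-d": "Squid Cache: Version 5.7",
    "proxy-e": "Server: nginx",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```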
Fix
DoS
Memory Corruption
RCE
Related identifiers
Affected products
Alt Linux
Almalinux
Centos
Red Hat
Rocky Linux
Squid
Squid Cache
Suse
Ubuntu