PT-2019-5772 · Squid+7 · Squid+8

Jeriko One

Published

2019-11-14

Updated

2024-06-15

CVE-2019-12526

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Squid versions prior to 4.9

Description The issue is related to a heap-based buffer overflow in the URN response handling mechanism of Squid. This is due to insufficient size checking of copied data. Exploitation of this issue can allow a remote attacker to access confidential data, compromise data integrity, and cause a denial of service.

Recommendations For versions prior to 4.9, update to version 4.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the URN response handling mechanism until a patch is available.

Exploit

Fix

Memory Corruption

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-120

Related Identifiers

ALSA-2020:4743

ALT-PU-2020-1479

ALT-PU-2020-1494

BDU:2021-01746

CESA-2020_4743

CVE-2019-12526

DLA-2028-1

DLA-2278-1

DSA-4682-1

MGASA-2019-0382

OPENSUSE-SU-2019:2540-1

OPENSUSE-SU-2019:2541-1

OPENSUSE-SU-2019_2540-1

OPENSUSE-SU-2019_2541-1

OPENSUSE-SU-2024:11403-1

RHSA-2020:4743

RHSA-2020_4743

RLSA-2020:4743

SUSE-SU-2019:2975-1

SUSE-SU-2019:3067-1

SUSE-SU-2020:0661-1

SUSE-SU-2020:14460-1

USN-4213-1

Affected Products

Alt Linux

Almalinux

Centos

Red Hat

Rocky Linux

Squid

Squid Cache

Suse

Ubuntu

PT-2019-5772 · Squid+7 · Squid+8

CVE-2019-12526

Weakness Enumeration

Related Identifiers

Affected Products

References · 163