PT-2020-5158 · Squid+7 · Squid+8

Jeriko One

·

Published

2020-02-04

·

Updated

2024-06-15

·

CVE-2019-12528

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Squid versions prior to 4.10
Description The issue is related to a buffer overflow in memory, which can be exploited by a remote attacker to gain access to sensitive information by sending specially crafted requests. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes.
Recommendations For Squid versions prior to 4.10, update to version 4.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the FTP server to minimize the risk of exploitation. Avoid using the vulnerable Squid proxy server until the issue is resolved.

Fix

Buffer Overflow

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-200

Related Identifiers

ALSA-2020:4743
ALT-PU-2020-1479
ALT-PU-2020-1494
BDU:2020-05767
CESA-2020_4082
CESA-2020_4743
CVE-2019-12528
DLA-2278-1
DSA-4682-1
MGASA-2020-0106
OPENSUSE-SU-2020:0307-1
OPENSUSE-SU-2020:0606-1
OPENSUSE-SU-2020:0623-1
OPENSUSE-SU-2020_0307-1
OPENSUSE-SU-2020_0606-1
OPENSUSE-SU-2020_0623-1
OPENSUSE-SU-2024:11403-1
RHSA-2020:4082
RHSA-2020:4743
RHSA-2020_4082
RHSA-2020_4743
RLSA-2020:4743
SUSE-SU-2020:0487-1
SUSE-SU-2020:0493-1
SUSE-SU-2020:0661-1
SUSE-SU-2020:1134-1
SUSE-SU-2020:1156-1
SUSE-SU-2020:14460-1
SUSE-SU-2020_0487-1
SUSE-SU-2020_0493-1
USN-4289-1

Affected Products

Alt Linux
Almalinux
Centos
Red Hat
Rocky Linux
Squid
Squid Cache
Suse
Ubuntu