CVE-2019-12526 Information
Description
An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to a URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker-controlled data overflowing in the heap.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://www.squid-cache.org/Advisories/SQUID-2019_7.txt
https://bugzilla.suse.com/show_bug.cgi?id=1156326
https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html
https://lists.fedoraproject.org/archives/list/[email protected]/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/
https://lists.fedoraproject.org/archives/list/[email protected]/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/
https://security.gentoo.org/glsa/202003-34
https://usn.ubuntu.com/4213-1/
https://www.debian.org/security/2020/dsa-4682
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.8
Base Severity
HIGH