Vulnerability in N/a
CVE-2019-12527
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buf…
EPSS: 0.515 (98.8th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
Public proof-of-concept exploits
References
- www.squid-cache.org/Versions/v4/changesets/ (x_refsource_CONFIRM)
- github.com/squid-cache/squid/commits/v4 (x_refsource_CONFIRM)
- www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6a… (x_refsource_CONFIRM)
- 109143 (vdb-entry, x_refsource_BID)
- USN-4065-1 (vendor-advisory, x_refsource_UBUNTU)
- FEDORA-2019-cb50bcc189 (vendor-advisory, x_refsource_FEDORA)
- DSA-4507 (vendor-advisory, x_refsource_DEBIAN)
- 20190825 [SECURITY] [DSA 4507-1] squid security update (mailing-list, x_refsource_BUGTRAQ)
- RHSA-2019:2593 (vendor-advisory, x_refsource_REDHAT)
- openSUSE-SU-2019:2540 (vendor-advisory, x_refsource_SUSE)
Frequently asked questions
- What is CVE-2019-12527?
- CVE-2019-12527 is a vulnerability in N/a. Published 2019-07-11.
- Is CVE-2019-12527 known to be exploited?
- 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.