Description

An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap.

Remediation

References

CVE-2019-12526

Related Vulnerabilities

WordPress Plugin VDZ VERIFICATION (Custom Meta Tags) Cross-Site Scripting (1.3.12)

WordPress Plugin Essential Grid Portfolio-Photo Gallery Security Bypass (1.1.2)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-25601)

WordPress Plugin Duplicate Page Unspecified Vulnerability (3.5)

WebLogic Uncontrolled Resource Consumption Vulnerability (CVE-2025-21549)

Severity

Critical

Classification

CVE-2019-12526 CWE-120 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities