Description

An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.

Remediation

References

CVE-2019-12527

Related Vulnerabilities

Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2017-7490)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-6125)

Seo Panel Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2024-22646)

Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-5597)

Artifactory Missing Authorization Vulnerability (CVE-2019-10322)

Severity

High

Classification

CVE-2019-12527 CWE-787 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities