Description
An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data.
Remediation
References
Related Vulnerabilities
WordPress 5.1.x Multiple Vulnerabilities (5.1 - 5.1.6)
WordPress 4.3.x Cross-Site Request Forgery (4.3 - 4.3.18)
MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-3579)
WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Cross-Site Scripting (1.16.10)