CVE-2019-12525

Published: 11/07/2019 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in Squid 3.3.9 up to and including 3.5.28 and 4.x up to and including 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1.
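
The length check described in the summary, as an added C illustration (not Squid's source code; the function names, buffer size and sample values are assumptions). The first function only returns the length that would reach memcpy, and the second shows a bounds-checked form that rejects a lone quote.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Length computation as the summary describes it: a value is treated as
 * quoted when its first and last bytes are '"', and the copy length is
 * len - 2. For the one-byte value "\"" both tests read the same byte, so
 * the unsigned subtraction 1 - 2 wraps to SIZE_MAX. Nothing is copied
 * here; the function returns the length memcpy would be given. */
size_t unchecked_copy_len(const char *val, size_t len)
{
    if (len > 0 && val[0] == '"' && val[len - 1] == '"')
        return len - 2;
    return len;
}

/* Hardened form (illustrative policy): a quoted value needs two distinct
 * quote bytes, and the payload must fit the destination with its NUL.
 * Returns the number of bytes copied, or -1 if the value is rejected. */
long copy_unquoted(char *dst, size_t dst_size, const char *val, size_t len)
{
    const char *start = val;
    size_t n = len;

    if (len > 0 && (val[0] == '"' || val[len - 1] == '"')) {
        if (len < 2 || val[0] != '"' || val[len - 1] != '"')
            return -1;              /* lone or unbalanced quote */
        start = val + 1;
        n = len - 2;
    }
    if (dst_size == 0 || n >= dst_size)
        return -1;                  /* would not fit with the terminator */
    memcpy(dst, start, n);
    dst[n] = '\0';
    return (long)n;
}

int main(void)
{
    char buf[16];
    /* Constructed inputs: a normal quoted value and the lone quote. */
    printf("%zu\n", unchecked_copy_len("\"auth\"", 6));
    printf("%zu\n", unchecked_copy_len("\"", 1));
    printf("%ld\n", copy_unquoted(buf, sizeof buf, "\"", 1));
    return 0;
}
```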

Vulnerable Product

squid-cache squid

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

opensuse leap 15.0

opensuse leap 15.1

fedoraproject fedora 29

canonical ubuntu linux 18.04

canonical ubuntu linux 19.04

canonical ubuntu linux 16.04

canonical ubuntu linux 12.04

Vendor Advisories

Synopsis: Important: squid:4 security update. Type/Severity: Security Advisory: Important. Topic: An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) ...
Synopsis: Important: squid security update. Type/Severity: Security Advisory: Important. Topic: An update for squid is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, whi ...
Several security issues were fixed in Squid ...
Several vulnerabilities were discovered in Squid, a fully featured web proxy cache. The flaws in the HTTP Digest Authentication processing, the HTTP Basic Authentication processing and in the cachemgr.cgi allowed remote attackers to perform denial of service and cross-site scripting attacks, and potentially the execution of arbitrary code. For the ...
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of ...
An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding ...
Impact: Moderate. Public Date: 2019-07-12. CWE: CWE-119. Bugzilla: 1730535: CVE-2019-12525 squid: parsing ...
An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that o ...
A flaw was found in Squid through version 4.7. When handling the tag esi:when, when ESI is enabled, Squid calls the ESIExpression::Evaluate function which uses a fixed stack buffer to hold the expression. While processing the expression, there is no check to ensure that the stack won't overflow. The highest threat from this vulnerability is to data ...