CVE-2008-1167 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Lineu Orso Sarg

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents5 sources

Severity

10.0CRITICALNVD

NVD9.3

EPSS

13.0%

top 5.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pedro Lineu Orso Sarg Sarg Squid Analysis Report Generator

Timeline

PublishedMar 5

Latest updateMay 14

Description

Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDsarg/squid_analysis_report_generator2.2.3.1

▶Debianpedro_lineu_orso/sarg< 2.2.4-1+2

▶NVDpedro_lineu_orso/sarg2.2.4

🔴Vulnerability Details

GHSA

GHSA-c45x-xf6p-9qhc: Buffer overflow in Squid Analysis Report Generator (Sarg) 2↗2022-05-14

▶

GHSA

GHSA-w7j3-4592-9f4v: Stack-based buffer overflow in the useragent function in useragent↗2022-05-01

▶

OSV

CVE-2008-7249: Buffer overflow in Squid Analysis Report Generator (Sarg) 2↗2009-12-30

▶

CVEList

CVE-2008-7249: Buffer overflow in Squid Analysis Report Generator (Sarg) 2↗2009-12-30

▶

CVEList

CVE-2008-1167: Stack-based buffer overflow in the useragent function in useragent↗2008-03-05

▶

📋Vendor Advisories

Debian

CVE-2008-7249: sarg - Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and probably ...↗2008

▶

Debian

CVE-2008-1167: sarg - Stack-based buffer overflow in the useragent function in useragent.c in Squid An...↗2008

▶