CVE-2019-12529 — Out-of-bounds Read in Squid
Severity
5.9MEDIUMNVD
EPSS
16.2%
top 5.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 11
Latest updateMay 24
Description
An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being de…
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6
Affected Packages3 packages
Also affects: Debian Linux 10.0, 8.0, 9.0, Fedora 29, Ubuntu Linux 12.04, 16.04, 18.04, 19.04