Heap-Based Buffer Overflow in Squid Proxy Server
CVE-2019-12526

9.8CRITICAL

Key Information:

Vendor

Squid-cache

Status
Squid
Vendor
CVE Published:
26 November 2019

What is CVE-2019-12526?

A heap-based buffer overflow vulnerability exists in the Squid Proxy Server prior to version 4.9. This flaw arises from inadequate handling of URN response messages, allowing attackers to send data that exceeds the allocated buffer size. As a result, this overflow can be exploited, giving attackers the potential to execute arbitrary code or crash the service, thereby compromising the security and integrity of the system.

References

https://bugzilla.suse.com/show_bug.cgi?id=1156326
x_refsource_CONFIRM
http://www.squid-cache.org/Advisories/SQUID-2019_7.txt
x_refsource_CONFIRM
https://usn.ubuntu.com/4213-1/
vendor-advisoryx_refsource_UBUNTU

EPSS Score

39% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.