Description

An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap.

Remediation

References

CVE-2019-12526

Related Vulnerabilities

Moodle Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-9187)

WordPress Plugin Stripe Payment for WooCommerce Cross-Site Scripting (3.5.9)

Oracle Database Server CVE-2006-5336 Vulnerability (CVE-2006-5336)

WordPress Plugin Easy Forms for MailChimp Unspecified Vulnerability (6.0.3.2)

Joomla CVE-2006-4472 Vulnerability (CVE-2006-4472)

Severity

Critical

Classification

CVE-2019-12526 CWE-120 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities