Note:
This project will be discontinued after December 13, 2021. [more]
2019-11-26
An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap.
| Products | Ubuntu_linux, Debian_linux, Fedora, Leap, Squid |
| Type | Out-of-bounds Write (CWE-787) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/
• https://bugzilla.suse.com/show_bug.cgi?id=1156326 • https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html • http://www.squid-cache.org/Advisories/SQUID-2019_7.txt • https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html |