Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2019-12527 - log back

CVE-2019-12527 created at 25 Sep 2019 19:31:40

Severity

+

Critical

Remote

+

Remote

Type

+	Arbitrary code execution

Description

+	Due to incorrect buffer management Squid versions prior to 4.8 are vulnerable to a heap overflow and possible remote code execution attack when processing HTTP Authentication credentials.

References

+	http://www.squid-cache.org/Advisories/SQUID-2019_5.txt
+	http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch

Notes