Vulnerability CVE-2019-12525: Information
Description
An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token's value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
squid | sisyphus | 4.8-alt1 | 6.10-alt1 | ALT-PU-2019-2264-1 | 234531 | Fixed |
squid | p10 | 4.8-alt1 | 6.6-alt1 | ALT-PU-2019-2264-1 | 234531 | Fixed |
squid | p9 | 4.8-alt1 | 4.13-alt1 | ALT-PU-2019-2271-1 | 234609 | Fixed |
squid | p8 | 3.5.28-alt1 | 3.5.28-alt1 | ALT-PU-2019-2542-1 | 236485 | Fixed |
squid | c10f1 | 4.8-alt1 | 6.6-alt1 | ALT-PU-2019-2264-1 | 234531 | Fixed |
squid | c9f2 | 4.8-alt1 | 4.15-alt1 | ALT-PU-2019-2271-1 | 234609 | Fixed |
squid | p11 | 4.8-alt1 | 6.8-alt1 | ALT-PU-2019-2264-1 | 234531 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
http://www.squid-cache.org/Versions/v4/changesets/ |
|
http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch |
|
https://github.com/squid-cache/squid/commits/v4 |
|
USN-4065-1 |
|
[debian-lts-announce] 20190720 [SECURITY] [DLA 1858-1] squid3 security update |
|
USN-4065-2 |
|
DSA-4507 |
|
20190825 [SECURITY] [DSA 4507-1] squid security update |
|
openSUSE-SU-2019:2541 |
|
openSUSE-SU-2019:2540 |
|
[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update |
|
FEDORA-2019-cb50bcc189 |