CVE-2019-18676

CVSS v3.1 7.5 (High)

CVSS v2.0 5 (Medium)

EPSS 1.78 % (88^th)

Affected Products 4

Advisories 15

An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme.

Weaknesses

CWE-787: Out-of-bounds Write

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2019-11-26 17:15:12
(4 years ago)
Updated Date: 2023-11-07 03:06:53
(10 months ago)

Affected Products

Configuration #1

		CPE23	From	Up To
	Squid-cache Squid from 3.0 version and 3.5.28 and prior versions	cpe:2.3:a:squid-cache:squid	>= 3.0	<= 3.5.28
	Squid-cache Squid from 4.0 version and 4.8 and prior versions	cpe:2.3:a:squid-cache:squid	>= 4.0	<= 4.8

Configuration #2

		CPE23	From	Up To
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:lts
	Canonical Ubuntu Linux 18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04:::*:lts
	Canonical Ubuntu Linux 19.04	cpe:2.3:o:canonical:ubuntu_linux:19.04
	Canonical Ubuntu Linux 19.10	cpe:2.3:o:canonical:ubuntu_linux:19.10

Configuration #3

		CPE23	From	Up To
	Fedoraproject Fedora 30	cpe:2.3:o:fedoraproject:fedora:30
	Fedoraproject Fedora 31	cpe:2.3:o:fedoraproject:fedora:31

Configuration #4

		CPE23	From	Up To
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0

Configuration #5

		CPE23	From	Up To
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:esm
	Canonical Ubuntu Linux 18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04:::*:lts

Weaknesses

Affected Products

Canonical

Debian

Fedoraproject

Squid-cache

Configuration #1

Configuration #2

Configuration #3

Configuration #4

Configuration #5