Lucene search
Redhat.comRH:CVE-2019-12525HistoryApr 03, 2020 - 1:59 a.m.
CVE-2019-12525
2020-04-0301:59:08
redhat.com
access.redhat.com
17
0.162 Low
EPSS
Percentile
96.0%
An issue was discovered in Squid 3.3.9 through 3.5.28 and 4.x through 4.7. When Squid is configured to use Digest authentication, it parses the header Proxy-Authorization. It searches for certain tokens such as domain, uri, and qop. Squid checks if this token’s value starts with a quote and ends with one. If so, it performs a memcpy of its length minus 2. Squid never checks whether the value is just a single quote (which would satisfy its requirements), leading to a memcpy of its length minus 1.
Mitigation
Remove 'auth_param digest …' configuration settings from squid.conf.
Related
debiancve
debiancve
CVE-2019-12525
2019-07-11 19:15:13
nvd
nvd
CVE-2019-12525
2019-07-11 19:15:13
ubuntucve
ubuntucve
CVE-2019-12525
2019-07-11 00:00:00
osv
osv
CVE-2019-12525
2019-07-11 19:15:13
squid3 - security update
2019-07-20 00:00:00
Important: squid:4 security update
2020-05-06 12:52:10
cvelist
cvelist
CVE-2019-12525
2019-07-11 18:17:49
veracode
veracode
Denial Of Service (DoS)
2020-05-07 02:01:36
prion
prion
Authentication flaw
2019-07-11 19:15:00
alpinelinux
alpinelinux
CVE-2019-12525
2019-07-11 19:15:13
cve
cve
CVE-2019-12525
2019-07-11 19:15:13
openvas
openvas
Squid Security Update Advisory SQUID-2018:3
2019-07-19 00:00:00
Huawei EulerOS: Security Advisory for squid (EulerOS-SA-2019-2053)
2020-01-23 00:00:00
Debian: Security Advisory (DLA-1858-1)
2019-07-21 00:00:00
ubuntu
ubuntu
Squid vulnerabilities
2019-07-22 00:00:00
Squid vulnerabilities
2019-07-18 00:00:00
nessus
nessus
Debian DLA-1858-1 : squid3 security update
2019-07-22 00:00:00
EulerOS 2.0 SP3 : squid (EulerOS-SA-2019-2053)
2019-09-24 00:00:00
Scientific Linux Security Update : squid on SL7.x x86_64 (20200506)
2020-05-07 00:00:00
debian
debian
[SECURITY] [DLA 1858-1] squid3 security update
2019-07-20 23:09:33
[SECURITY] [DSA 4507-1] squid security update
2019-08-24 11:46:36
[SECURITY] [DSA 4507-1] squid security update
2019-08-24 11:46:36
redhat
redhat
(RHSA-2020:2040) Important: squid security update
2020-05-06 12:46:17
(RHSA-2020:2041) Important: squid:4 security update
2020-05-06 12:52:10
centos
centos
squid security update
2020-05-21 14:55:03
almalinux
almalinux
Important: squid:4 security update
2020-05-06 12:52:10
rocky
rocky
squid:4 security update
2020-05-06 12:52:10
mageia
mageia
Updated squid packages fix security vulnerabilities
2019-09-12 22:09:52
Updated squid packages fix security vulnerabilities
2019-09-12 22:09:52
oraclelinux
oraclelinux
squid security update
2020-05-07 00:00:00
squid:4 security update
2020-05-12 00:00:00
squid:4 security update
2020-09-04 00:00:00
amazon
amazon
Important: squid
2020-06-01 12:25:00
Important: squid
2020-06-23 06:08:00
Important: squid
2020-06-26 22:56:00
fedora
fedora
[SECURITY] Fedora 29 Update: squid-4.8-2.fc29
2019-08-14 01:42:54
altlinux
altlinux
Security fix for the ALT Linux 9 package squid version 4.8-alt1
2019-07-16 00:00:00
Security fix for the ALT Linux 8 package squid version 3.5.28-alt1
2019-08-27 00:00:00
suse
suse
Security update for squid (important)
2019-11-21 00:00:00
Security update for squid (important)
2019-11-21 00:00:00