Out-of-bounds Write

CVE-2019-12526

High

9.8/10

Summary

An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-787 - Out-of-Bounds Write

Out-of-bounds write vulnerability is a memory access bug that allows software to write data past the end or before the beginning of the intended buffer. This may result in the corruption of data, a crash, or arbitrary code execution.

References

Advisory Timeline

Published Nov 26, 2019

Out-of-bounds Write

CVE-2019-12526

Summary

CWE-787 - Out-of-Bounds Write

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS