An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data. Reference: https://github.com/squid-cache/squid/commits/v4 http://www.squid-cache.org/Versions/v4/changesets/ Upstream Patch: http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch
Created squid tracking bugs for this issue: Affects: fedora-all [bug 1730534]
External References: http://www.squid-cache.org/Advisories/SQUID-2019_5.txt
Mitigation: Deny ftp:// protocol URLs being proxied and Cache Manager report access to all clients: acl FTP proto FTP http_access deny FTP http_access deny manager
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:2593 https://access.redhat.com/errata/RHSA-2019:2593
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-12527