{
  "threat_severity" : "Moderate",
  "public_date" : "2019-11-05T00:00:00Z",
  "bugzilla" : {
    "description" : "squid: Heap overflow issue in URN processing",
    "id" : "1770356",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1770356"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.1",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-119",
  "details" : [ "An issue was discovered in Squid before 4.9. URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap.", "A heap-based buffer overflow was found in the way squid processed certain Uniform Resource Names (URNs). A remote attacker could use this flaw to cause Squid to crash or execute arbitrary code with the permissions of the user running Squid." ],
  "statement" : "This is a heap-based buffer overflow, which can be triggered by a malicious client. The client can overwrite substantial amount of heap potentially causing squid to crash or even execute arbitrary code with the permissions of the user running squid (normally squid user which is non-privileged). Also on Red Hat Products, squid is confined with selinux which should reduce the possibilities of code execution.\nBecause of the above mentioned difficulties in exploitation, Red Hat Product Security has classified this flaw as having Moderate impact.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-11-04T00:00:00Z",
    "advisory" : "RHSA-2020:4743",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "squid:4-8030020200828070549.30b713e6"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "squid",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "squid",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "squid34",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "squid",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-12526\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12526\nhttp://www.squid-cache.org/Advisories/SQUID-2019_7.txt" ],
  "name" : "CVE-2019-12526",
  "mitigation" : {
    "value" : "The following mitigation is suggested by upstream:\nDeny urn: protocol URI being proxied to all clients:\n~~~\nacl URN proto URN\nhttp_access deny URN\n~~~",
    "lang" : "en:us"
  },
  "csaw" : false
}