CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
89.8%
Severity: Critical
Date : 2019-07-17
CVE-ID : CVE-2019-12527
Package : squid
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-1004
The package squid before version 4.8-1 is vulnerable to arbitrary code
execution.
Upgrade to 4.8-1.
The problem has been fixed upstream in version 4.8.
None.
Due to incorrect buffer management Squid versions prior to 4.8 are
vulnerable to a heap overflow and possible remote code execution attack
when processing HTTP Authentication credentials.
A remote attacker can execute arbitrary code via crafted HTTP requests.
http://www.squid-cache.org/Advisories/SQUID-2019_5.txt
http://www.squid-cache.org/Versions/v4/changesets/squid-4-7f73e9c5d17664b882ed32590e6af310c247f320.patch
https://security.archlinux.org/CVE-2019-12527
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
89.8%