[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.
From: Joshua Rogers <megamansec () gmail ! com>
Date: 2023-10-21 19:24:58
Message-ID: CA+17n5sr6yGrWws73FYSSrMyfQy+m-JjiGZ9KrEf9OyYunY1Vw () mail ! gmail ! com
[Download RAW message or body]
Hi all,
I've updated the page with the following IDs which may be used for tracking:
strlen(NULL) Crash Using Digest Authentication
GHSA-254c-93q9-cp53
Assertion Due to 0 ESI 'when' Checking
GHSA-4g88-277m-q89r
Assertion Using ESI's When Directive
GHSA-4g88-277m-q89r
Stack Buffer Overflow in Digest Authentication
GHSA-phqj-m8gv-cq4g
Buffer Underflow in ESI
GHSA-wgvf-q977-9xjg
Cheers,
Josh
On Fri, Oct 13, 2023 at 8:23 PM Joshua Rogers <megamansec@gmail.com> wrote:
> Hi Amos, oss-security,
>
> I've added GHSA-543m-w2m2-g255 and CVE-2021-46784 for 'Cache Poisoning by
> Large Stored Response Headers (With Bonus XSS)' and 'Assertion in Gopher
> Response Handling' respectively: GHSA-543m-w2m2-g255 and CVE-2021-46784
>
> However, for "Gopher Assertion Crash", GHSA-f5cp-6rh3-284w does not apply.
> "Gopher Assertion Crash" concerns an assertion "assertion failed:
> store.cc:832: "store_status == STORE_PENDING"" while GHSA-f5cp-6rh3-284w
> concerns an assertion: "assertion failed: String.cc:172: "canGrowBy(len)""
>
> To the best of my knowledge the former (without a current GHSA or CVE) is
> unfixed.
>
> Cheers,
> Josh
>
> On Fri, Oct 13, 2023 at 3:54 AM Amos Jeffries <squid3@treenet.co.nz>
> wrote:
>
>> Some reference updates.
>>
>>
>> On 11/10/23 20:55, Joshua Rogers wrote:
>> >
>> > The issues are listed below. Due to the sheer size of issues discovered,
>> > technical details are not included in this email. However, breakdowns of
>> > the code and proof-of-concepts can be found on GitHub:
>> > https://megamansec.github.io/Squid-Security-Audit/
>> >
>>
>> > Cache Poisoning by Large Stored Response Headers (With Bonus XSS)
>>
>> ... GHSA-543m-w2m2-g255
>>
>> > Gopher Assertion Crash
>>
>> ... GHSA-f5cp-6rh3-284w
>>
>> > Assertion in Gopher Response Handling
>>
>> ... CVE-2021-46784 / GHSA-f5cp-6rh3-284w
>>
>>
>>
>> AYJ
>>
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic