Unrated severityNVD Advisory· Published Nov 26, 2019· Updated Aug 5, 2024
CVE-2019-18677
CVE-2019-18677
Description
An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
26- Squid/Squiddescription
- osv-coords24 versionspkg:rpm/almalinux/libecappkg:rpm/almalinux/libecap-develpkg:rpm/opensuse/squid&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/squid&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/squid&distro=openSUSE%20Tumbleweedpkg:rpm/suse/squid3&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/squid3&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/squid&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/squid&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/squid&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/squid&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/squid&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/squid&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
< 1.0.1-2.module_el8.6.0+2741+01592ae8+ 23 more
- (no CPE)range: < 1.0.1-2.module_el8.6.0+2741+01592ae8
- (no CPE)range: < 1.0.1-2.module_el8.6.0+2741+01592ae8
- (no CPE)range: < 4.9-lp150.13.1
- (no CPE)range: < 4.9-lp151.2.7.1
- (no CPE)range: < 4.16-1.5
- (no CPE)range: < 3.1.23-8.16.37.12.1
- (no CPE)range: < 3.1.23-8.16.37.12.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 4.9-5.11.1
- (no CPE)range: < 4.9-5.11.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 4.9-4.3.2
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 4.9-4.3.2
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
- (no CPE)range: < 3.5.21-26.20.1
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
11- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/mitrevendor-advisoryx_refsource_FEDORA
- usn.ubuntu.com/4213-1/mitrevendor-advisoryx_refsource_UBUNTU
- www.debian.org/security/2020/dsa-4682mitrevendor-advisoryx_refsource_DEBIAN
- www.squid-cache.org/Advisories/SQUID-2019_9.txtmitrex_refsource_CONFIRM
- www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patchmitrex_refsource_CONFIRM
- www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patchmitrex_refsource_CONFIRM
- bugzilla.suse.com/show_bug.cgimitrex_refsource_CONFIRM
- github.com/squid-cache/squid/pull/427mitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2019/12/msg00011.htmlmitremailing-listx_refsource_MLIST
- lists.debian.org/debian-lts-announce/2020/07/msg00009.htmlmitremailing-listx_refsource_MLIST
News mentions
0No linked articles in our index yet.