oss-sec mailing list archives
Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days.
From: Joshua Rogers <megamansec () gmail com>
Date: Sat, 21 Oct 2023 21:24:58 +0200
Hi all, I've updated the page with the following IDs which may be used for tracking: strlen(NULL) Crash Using Digest Authentication GHSA-254c-93q9-cp53 Assertion Due to 0 ESI 'when' Checking GHSA-4g88-277m-q89r Assertion Using ESI's When Directive GHSA-4g88-277m-q89r Stack Buffer Overflow in Digest Authentication GHSA-phqj-m8gv-cq4g Buffer Underflow in ESI GHSA-wgvf-q977-9xjg Cheers, Josh On Fri, Oct 13, 2023 at 8:23 PM Joshua Rogers <megamansec () gmail com> wrote:
Hi Amos, oss-security, I've added GHSA-543m-w2m2-g255 and CVE-2021-46784 for 'Cache Poisoning by Large Stored Response Headers (With Bonus XSS)' and 'Assertion in Gopher Response Handling' respectively: GHSA-543m-w2m2-g255 and CVE-2021-46784 However, for "Gopher Assertion Crash", GHSA-f5cp-6rh3-284w does not apply. "Gopher Assertion Crash" concerns an assertion "assertion failed: store.cc:832: "store_status == STORE_PENDING"" while GHSA-f5cp-6rh3-284w concerns an assertion: "assertion failed: String.cc:172: "canGrowBy(len)"" To the best of my knowledge the former (without a current GHSA or CVE) is unfixed. Cheers, Josh On Fri, Oct 13, 2023 at 3:54 AM Amos Jeffries <squid3 () treenet co nz> wrote:Some reference updates. On 11/10/23 20:55, Joshua Rogers wrote:The issues are listed below. Due to the sheer size of issues discovered, technical details are not included in this email. However, breakdowns of the code and proof-of-concepts can be found on GitHub: https://megamansec.github.io/Squid-Security-Audit/Cache Poisoning by Large Stored Response Headers (With Bonus XSS)... GHSA-543m-w2m2-g255Gopher Assertion Crash... GHSA-f5cp-6rh3-284wAssertion in Gopher Response Handling... CVE-2021-46784 / GHSA-f5cp-6rh3-284w AYJ
Current thread:
- Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days. Joshua Rogers (Oct 11)
- Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days. Amos Jeffries (Oct 13)
- Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days. Joshua Rogers (Oct 13)
- Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days. Joshua Rogers (Oct 21)
- Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days. Joshua Rogers (Oct 13)
- Re: Squid Caching Proxy Security Audit: 55 Vulnerabilities, 35 0days. Amos Jeffries (Oct 13)