CLSA-2026-1777541147

Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2026-1777541147.json
JSON Data
https://api.test.osv.dev/v1/vulns/CLSA-2026-1777541147
Upstream
Published
2026-05-02T01:02:36Z
Modified
2026-05-27T11:35:11.535660971Z
Summary
squid34: Fix of 12 CVEs
Details
  • CVE-2019-12525: fix heap buffer over-read in Digest auth parameter parsing
  • CVE-2018-1000027: fix NULL pointer dereference in X-Forwarded-For logging for internal transactions
  • CVE-2018-19131: escape certificate field injection via %D in ERR_SECURE_CONNECT_FAIL page
  • CVE-2018-19132: fix memory leak when parsing denied or malformed SNMP packets
  • CVE-2019-13345: escape username and pubauth parameters in cachemgr.cgi to prevent reflected XSS
  • CVE-2019-18860: validate hostname parameter in cachemgr.cgi to prevent reflected XSS
  • CVE-2019-18677: prevent hostname truncation when append_domain expands origin-relative domains
  • CVE-2019-18679: remove in-memory pointer from Digest nonce hash input (ASLR bypass)
  • CVE-2019-18678: reject HTTP requests with BWS between header field-name and colon (RFC 7230 3.2.4)
  • CVE-2019-12523: validate URN NID per RFC 8141 to prevent SSRF via crafted urn: requests
  • CVE-2019-12528: track FTP listing token positions to avoid strstr-based over-read into adjacent heap
  • CVE-2019-12529: replace uudecode with base64_decode in Basic auth to bound input-buffer reads

Affected packages

TuxCare:CentOS:6 / squid34

Package

Name
squid34
Purl
pkg:rpm/tuxcare/squid34?distro=centos-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
7:3.4.14-16.el6.tuxcare.els13

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos6els/CLSA-2026-1777541147.json"