CVE-2019-18677
- Source
- https://cve.org/CVERecord?id=CVE-2019-18677
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-18677.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-18677
- Downstream
- Related
- Published
- 2019-11-26T17:15:12.923Z
- Modified
- 2026-04-16T01:40:58.945887609Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in Squid 3.x and 4.x through 4.8 when the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions). Due to incorrect message processing, it can inappropriately redirect traffic to origins it should not be delivered to.
- Database specific
{ "unresolved_ranges": [ { "cpe": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", "extracted_events": [ { "introduced": "2.0" }, { "last_affected": "2.7" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:a:squid-cache:squid:2.7:stable2:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "2.7-stable2" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:a:squid-cache:squid:2.7:stable3:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "2.7-stable3" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:a:squid-cache:squid:2.7:stable4:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "2.7-stable4" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:a:squid-cache:squid:2.7:stable5:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "2.7-stable5" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:a:squid-cache:squid:2.7:stable6:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "2.7-stable6" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:a:squid-cache:squid:2.7:stable7:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "2.7-stable7" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:a:squid-cache:squid:2.7:stable8:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "2.7-stable8" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:a:squid-cache:squid:2.7:stable9:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "2.7-stable9" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "16.04" } ] }, { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "extracted_events": [ { "last_affected": "18.04" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "19.04" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "19.10" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "30" } ], "source": "CPE_FIELD" }, { "cpe": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "extracted_events": [ { "last_affected": "31" } ], "source": "CPE_FIELD" } ] }- References
-
- https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTM74TU2BSLT5B3H4F3UDW53672NVLMC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UEMOYTMCCFWK5NOXSXEIH5D2VGWVXR67/
- http://www.squid-cache.org/Advisories/SQUID-2019_9.txt
- http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch
- http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch
- https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html
- https://usn.ubuntu.com/4213-1/
- https://www.debian.org/security/2020/dsa-4682
- https://bugzilla.suse.com/show_bug.cgi?id=1156328
- https://github.com/squid-cache/squid/pull/427
Affected packages
Git / github.com/squid-cache/squid
Affected ranges
- Type
- GIT
- Repo
- https://github.com/squid-cache/squid
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affected
- Database specific
{ "cpe": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", "extracted_events": [ { "introduced": "3.0" }, { "last_affected": "3.5.28" }, { "introduced": "4.0" }, { "last_affected": "4.8" } ], "source": "CPE_FIELD" }
Affected versions
Other
HISTORIC_RELEASES
SQUID_3_0_PRE1
SQUID_3_0_PRE2
SQUID_3_0_PRE3
SQUID_3_0_PRE4
SQUID_3_0_PRE5
SQUID_3_0_PRE6
SQUID_3_0_PRE7
SQUID_3_0_RC1
SQUID_3_5_0_1
SQUID_3_5_0_2
SQUID_3_5_0_3
SQUID_3_5_0_4
SQUID_3_5_1
SQUID_3_5_10
SQUID_3_5_11
SQUID_3_5_12
SQUID_3_5_13
SQUID_3_5_14
SQUID_3_5_15
SQUID_3_5_16
SQUID_3_5_17
SQUID_3_5_18
SQUID_3_5_19
SQUID_3_5_2
SQUID_3_5_20
SQUID_3_5_21
SQUID_3_5_22
SQUID_3_5_23
SQUID_3_5_24
SQUID_3_5_25
SQUID_3_5_26
SQUID_3_5_28
SQUID_3_5_3
SQUID_3_5_4
SQUID_3_5_5
SQUID_3_5_6
SQUID_3_5_7
SQUID_3_5_8
SQUID_3_5_9
SQUID_4_0_1
SQUID_4_0_10
SQUID_4_0_11
SQUID_4_0_12
SQUID_4_0_13
SQUID_4_0_14
SQUID_4_0_15
SQUID_4_0_16
SQUID_4_0_17
SQUID_4_0_18
SQUID_4_0_19
SQUID_4_0_2
SQUID_4_0_20
SQUID_4_0_21
SQUID_4_0_22
SQUID_4_0_23
SQUID_4_0_24
SQUID_4_0_25
SQUID_4_0_3
SQUID_4_0_4
SQUID_4_0_5
SQUID_4_0_6
SQUID_4_0_7
SQUID_4_0_8
SQUID_4_0_9
SQUID_4_1
SQUID_4_2
SQUID_4_3
SQUID_4_4
SQUID_4_5
SQUID_4_6
SQUID_4_7
SQUID_4_8
take00