CyberSec.Space Logo
Back to CVE Browser

CVE-2008-7249

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1100%
EPSS Percentile39.77th
PublishedDec 30, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167.

Affected Platforms (CPE)

πŸ“¦
Pedro Lineu Orso

Sarg

= 2.2.4

References & Advisories

πŸ”— http://sourceforge.net/project/shownotes.php?release_id=581212
πŸ”— http://www.securityfocus.com/archive/1/489018/100/0/threaded
πŸ”— http://www.vupen.com/english/advisories/2008/0749
πŸ”— http://sourceforge.net/project/shownotes.php?release_id=581212
πŸ”— http://www.securityfocus.com/archive/1/489018/100/0/threaded
πŸ”— http://www.vupen.com/english/advisories/2008/0749

Related Vulnerabilities

CVE-2008-116710.0

Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remo...

CVE-2008-192210.0

Multiple stack-based buffer overflows in Sarg might allow attackers to execute arbitrary code via unknown vectors, probably a craf...

CVE-2019-189327.0

log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temp...

CVE-2008-11684.3

Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbit...