An issue exists in Squid up to and including 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
squid-cache squid |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 19.10 |
||
canonical ubuntu linux 20.04 |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
opensuse leap 15.1 |