CVE-2019-12521

Published: 15/04/2020 Updated: 21/07/2021
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

An issue exists in Squid up to and including 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.
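
The off-by-one described above, modeled as an added example (not Squid's code and not taken from the advisory): `struct ctx`, `STACK_CAP`, the `>` comparison and every function name are assumptions made for illustration. It compares the faulty bound check with the corrected one and checks that the one extra slot still falls inside the same structure.

```c
#include <stddef.h>
#include <stdio.h>

#define STACK_CAP 10  /* hypothetical capacity, not Squid's real limit */

struct ctx {                       /* simplified stand-in for ESIContext */
    const char *stack[STACK_CAP];  /* valid indices: 0 .. STACK_CAP-1 */
    size_t depth;                  /* elements currently on the stack */
    int other_state;               /* later member of the same struct */
};
enum push_result { PUSH_STORED, PUSH_REJECTED, PUSH_WOULD_OVERFLOW };

/* Assumed shape of the off-by-one: '>' lets depth == STACK_CAP through. */
static long slot_buggy(const struct ctx *c) {
    return c->depth > STACK_CAP ? -1 : (long)c->depth;
}
/* Corrected check: a full stack (depth == STACK_CAP) is rejected. */
static long slot_fixed(const struct ctx *c) {
    return c->depth >= STACK_CAP ? -1 : (long)c->depth;
}
/* Push via the given check. An out-of-bounds slot is reported, never written. */
static enum push_result push(struct ctx *c, const char *el,
                             long (*check)(const struct ctx *)) {
    long i = check(c);
    if (i < 0) return PUSH_REJECTED;
    if ((size_t)i >= STACK_CAP) return PUSH_WOULD_OVERFLOW;
    c->stack[i] = el;
    c->depth++;
    return PUSH_STORED;
}
/* Push until the check stops storing; report the outcome and elements held. */
static enum push_result fill(long (*check)(const struct ctx *), size_t *held) {
    struct ctx c = { {0}, 0, 0 };
    enum push_result r;
    while ((r = push(&c, "elem", check)) == PUSH_STORED) { }
    *held = c.depth;
    return r;
}
/* The one-past-the-end slot lands on a later member, still inside struct ctx. */
static int overflow_stays_in_struct(void) {
    return offsetof(struct ctx, stack) + (STACK_CAP + 1) * sizeof(const char *)
           <= sizeof(struct ctx);
}
int main(void) {
    size_t n;
    enum push_result r = fill(slot_buggy, &n);
    printf("buggy check: result=%d after %zu elements\n", (int)r, n);
    r = fill(slot_fixed, &n);
    printf("fixed check: result=%d after %zu elements\n", (int)r, n);
    printf("extra slot inside struct: %d\n", overflow_stays_in_struct());
    return 0;
}
```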

Vulnerable Product

squid-cache squid

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 19.10

canonical ubuntu linux 20.04

debian debian linux 9.0

debian debian linux 10.0

opensuse leap 15.1

Vendor Advisories

Synopsis: Moderate: squid:4 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability ...
Several security issues were fixed in Squid ...
Multiple security issues were discovered in the Squid proxy caching server, which could result in the bypass of security filters, information disclosure, the execution of arbitrary code or denial of service. For the stable distribution (buster), these problems have been fixed in version 46-1+deb10u2. We recommend that you upgrade your squid packag ...
An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding ...
A flaw was found in Squid through version 4.7. When handling the tag esi:when, when ESI is enabled, Squid calls the ESIExpression::Evaluate function, which uses a fixed stack buffer to hold the expression. While processing the expression, there is no check to ensure that the stack won't overflow. The highest threat from this vulnerability is to data ...
A flaw was found in squid. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 el ...
A heap-based out-of-bounds write has been found in Squid before 411 or 502, where a crafted ESI response sent from an upstream server can truncate portions of generated payloads, poisoning the HTTP response cache with corrupted objects. On systems with heap overflow protection overflow will shutdown the proxy causing a denial of service for all ...