CVE-2019-12519
Published 2020-04-15
Priority: P353, critical, CVSS 3.1 score 9.8
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 6.73% (93.1th percentile)
An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.
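The defect class described above, as an added example that is not Squid's source: a simplified boolean-expression evaluator that, for each token, adds a new member to a fixed stack and then evaluates the top, with the capacity check in place. The token set, `STACK_DEPTH`, and all function names are assumptions made for this model.

```c
#include <stdio.h>
#include <string.h>

#define STACK_DEPTH 20  /* assumed capacity for this model, not Squid's value */
enum { EVAL_TOO_DEEP = -1, EVAL_SYNTAX = -2 };
typedef struct { char items[STACK_DEPTH]; size_t depth; } expr_stack;

/* Defect class: `s->items[s->depth++] = c;` alone writes past items[] when full. */
/* Hardened push: refuse the new member once the fixed buffer is full. */
static int push_checked(expr_stack *s, char c) {
    if (s->depth >= STACK_DEPTH) return EVAL_TOO_DEEP;
    s->items[s->depth++] = c;
    return 0;
}
static int is_val(char c) { return c == '0' || c == '1'; }

/* Evaluate the top of the stack for as long as a rule applies. */
static void reduce(expr_stack *s) {
    for (;;) {
        char *t = s->items + s->depth;  /* one past the top */
        if (s->depth >= 2 && t[-2] == '!' && is_val(t[-1])) {
            t[-2] = (t[-1] == '1') ? '0' : '1';             /* !v */
            s->depth -= 1;
        } else if (s->depth >= 3 && t[-3] == '(' && is_val(t[-2]) && t[-1] == ')') {
            t[-3] = t[-2];                                   /* (v) */
            s->depth -= 2;
        } else if (s->depth >= 3 && is_val(t[-3]) && is_val(t[-1]) &&
                   (t[-2] == '&' || t[-2] == '|')) {
            int a = t[-3] == '1', b = t[-1] == '1';          /* v op v */
            t[-3] = ((t[-2] == '&') ? (a && b) : (a || b)) ? '1' : '0';
            s->depth -= 2;
        } else return;
    }
}

/* Returns 0 or 1 for the value, or a negative EVAL_* code. */
int evaluate(const char *expr) {
    expr_stack s = { {0}, 0 };
    for (; *expr; expr++) {
        if (!strchr("01!&|()", *expr)) return EVAL_SYNTAX;
        if (push_checked(&s, *expr) < 0) return EVAL_TOO_DEEP;  /* add a new member */
        reduce(&s);                                             /* evaluate the top */
    }
    return (s.depth == 1 && is_val(s.items[0])) ? s.items[0] == '1' : EVAL_SYNTAX;
}

int main(void) {  /* constructed inputs: one normal, one nested deeper than the stack */
    printf("%d %d\n", evaluate("!(1|0)&1"), evaluate("((((((((" "((((((((" "((((((((" "1"));
    return 0;
}
```

Input that never lets the evaluator reduce (here, a run of open parentheses) grows the stack by one member per token, so the depth check on the push is the only thing bounding the write.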
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | squid | < squid 4.11-1 (bookworm) | squid 4.11-1 (bookworm) |
| opensuse | leap | — | — |
| squid-cache | squid | 3.0 – 3.5.28 | — |
| squid-cache | squid | 4.0 – 4.10 | — |
| squid-cache | squid | 5.0 – 5.0.1 | — |
| squid | squid | >= 0 < 4.11-1 | 4.11-1 |
| squid | squid | >= 0 < 4.11-1 | 4.11-1 |
| squid | squid | >= 0 < 4.11-1 | 4.11-1 |
| squid | squid | >= 0 < 4.11-1 | 4.11-1 |
| squid | squid | >= 0 < 4.10-1ubuntu1.1 | 4.10-1ubuntu1.1 |
CVSS provenance
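| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |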
Ubuntu
Squid vulnerabilities
vendor_ubuntu·2020-05-13·CVSS 9.8
CVE-2019-12519 [CRITICAL] Squid vulnerabilities
Summary: Several security issues were fixed in Squid.
Jeriko One discovered that Squid incorrectly handled certain Edge Side
Includes (ESI) responses. A malicious remote server could cause Squid to
crash, possibly poison the cache, or possibly execute arbitrary code.
(CVE-2019-12519, CVE-2019-12521)
It was discovered that Squid incorrectly handled the hostname parameter to
cachemgr.cgi when certain browsers are used. A remote attacker could
possibly use this issue to inject HTML or invalid characters in the
hostname parameter. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04
LTS, and Ubuntu 19.10. (CVE-2019-18860)
Clément Berthaux and Florian Guilbert discovered that Squid incorrectly
handled Digest Authentication nonce values. A remote attacker coul
Red Hat
squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow
vendor_redhat·2020-04-24·CVSS 9.8
CVE-2019-12519 [CRITICAL] CWE-121 squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow
An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.
A flaw was found in Squid through version 4.7. When handling the tag esi:when, when ESI is enabled, Squid calls the ESIExpression::Evaluate function which uses a fixed stack buffer to hold the expression. While processing the expression, there is no check to ensure that the st
Debian
CVE-2019-12519: squid - An issue was discovered in Squid through 4.7. When handling the tag esi:when whe...
vendor_debian·2019·CVSS 9.8
CVE-2019-12519 [CRITICAL] CVE-2019-12519: squid - An issue was discovered in Squid through 4.7. When handling the tag esi:when whe...
An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.
Scope: local
bookworm: resolved (fixed in 4.11-1)
bullseye: resolved (fixed in 4.11-1)
forky: resolved (fixed in 4.11-1)
sid: resolved (fixed in 4.11-1)
trixie: resolved (fixed in 4.11-1)
GHSA
GHSA-2398-fmp4-7w9h: An issue was discovered in Squid through 4
ghsa_unreviewed·2022-05-24
CVE-2019-12519 [HIGH] CWE-787 GHSA-2398-fmp4-7w9h: An issue was discovered in Squid through 4
An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.
OSV
squid, squid3 vulnerabilities
osv·2020-05-13·CVSS 9.8
CVE-2019-12519 [CRITICAL] squid, squid3 vulnerabilities
Jeriko One discovered that Squid incorrectly handled certain Edge Side
Includes (ESI) responses. A malicious remote server could cause Squid to
crash, possibly poison the cache, or possibly execute arbitrary code.
(CVE-2019-12519, CVE-2019-12521)
It was discovered that Squid incorrectly handled the hostname parameter to
cachemgr.cgi when certain browsers are used. A remote attacker could
possibly use this issue to inject HTML or invalid characters in the
hostname parameter. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04
LTS, and Ubuntu 19.10. (CVE-2019-18860)
Clément Berthaux and Florian Guilbert discovered that Squid incorrectly
handled Digest Authentication nonce values. A remote attacker could
use this issue to replay nonce values, or possibly e
OSV
CVE-2019-12519: An issue was discovered in Squid through 4
osv·2020-04-15·CVSS 9.8
CVE-2019-12519 [CRITICAL] CVE-2019-12519: An issue was discovered in Squid through 4
An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.
No detection rules found.
No public exploits indexed.
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html
http://www.openwall.com/lists/oss-security/2020/04/23/1
https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt
https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html
https://security.gentoo.org/glsa/202005-05
https://security.netapp.com/advisory/ntap-20210205-0006/
https://usn.ubuntu.com/4356-1/
https://www.debian.org/security/2020/dsa-4682
Published: 2020-04-15