CVE-2019-12521: Off-by-one Error in Squid

Severity
NVD: 5.9 MEDIUM
OSV: 9.8

EPSS: 0.6% (top 31.53%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Apr 15
Latest update: May 24

Description

An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while pr

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6

Affected Packages (4 packages)

Debian: squid/squid < 4.11-1+3
Ubuntu: squid/squid < 4.10-1ubuntu1.1
NVD: squid-cache/squid 3.03.5.28+2
NVD: opensuse/leap 15.1

Also affects: Debian Linux 10.0, 9.0, Ubuntu Linux 16.04, 18.04, 19.10, 20.04

Patches

Vulnerability Details (4)

GHSA: GHSA-7mv4-9v7r-5gq3: An issue was discovered in Squid through 4 (2022-05-24)
OSV: squid, squid3 vulnerabilities (2020-05-13)
CVEList: CVE-2019-12521: An issue was discovered in Squid through 4 (2020-04-15)
OSV: CVE-2019-12521: An issue was discovered in Squid through 4 (2020-04-15)

Vendor Advisories (3)

Ubuntu: Squid vulnerabilities (2020-05-13)
Red Hat: squid: Off-by-one error in addStackElement allows for heap buffer overflow and crash (2020-04-24)
Debian: CVE-2019-12521: squid - An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keep... (2019)

Community (1)

Bugzilla: CVE-2019-12521 squid: Off-by-one error in addStackElement allows for heap buffer overflow and crash (2020-04-24)
CVE-2019-12521 — Off-by-one Error in Squid-cache Squid | cvebase