CVE-2019-12521
Published 2020-04-15
Priority P4 · 33 · medium · 5.9 (CVSS 3.1)
AV:N / AC:H / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 5.76% (92.1th percentile)
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | squid | < squid 4.11-1 (bookworm) | squid 4.11-1 (bookworm) |
| opensuse | leap | — | — |
| squid-cache | squid | 3.0 – 3.5.28 | — |
| squid-cache | squid | 4.0 – 4.7 | — |
| squid-cache | squid | 5.0 – 5.0.1 | — |
| squid | squid | >= 0 < 4.11-1 | 4.11-1 |
| squid | squid | >= 0 < 4.11-1 | 4.11-1 |
| squid | squid | >= 0 < 4.11-1 | 4.11-1 |
| squid | squid | >= 0 < 4.11-1 | 4.11-1 |
| squid | squid | >= 0 < 4.10-1ubuntu1.1 | 4.10-1ubuntu1.1 |
CVSS provenance
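| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 9.8 | CRITICAL | |
| vendor_debian | | 5.9 | MEDIUM | |
| vendor_redhat | | 5.9 | MEDIUM | |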
Ubuntu
Squid vulnerabilities
vendor_ubuntu·2020-05-13·CVSS 9.8
CVE-2019-12519 [CRITICAL] Squid vulnerabilities
Title: Squid vulnerabilities
Summary: Several security issues were fixed in Squid.
Jeriko One discovered that Squid incorrectly handled certain Edge Side
Includes (ESI) responses. A malicious remote server could cause Squid to
crash, possibly poison the cache, or possibly execute arbitrary code.
(CVE-2019-12519, CVE-2019-12521)
It was discovered that Squid incorrectly handled the hostname parameter to
cachemgr.cgi when certain browsers are used. A remote attacker could
possibly use this issue to inject HTML or invalid characters in the
hostname parameter. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04
LTS, and Ubuntu 19.10. (CVE-2019-18860)
Clément Berthaux and Florian Guilbert discovered that Squid incorrectly
handled Digest Authentication nonce values. A remote attacker coul
Red Hat
squid: Off-by-one error in addStackElement allows for heap buffer overflow and crash
vendor_redhat·2020-04-24·CVSS 5.9
CVE-2019-12521 [MEDIUM] CWE-122 squid: Off-by-one error in addStackElement allows for heap buffer overflow and crash
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.
A flaw was found in squid. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is adde
Debian
CVE-2019-12521: squid - An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keep...
vendor_debian·2019·CVSS 5.9
CVE-2019-12521 [MEDIUM] CVE-2019-12521: squid - An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keep...
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.
Scope: local
bookworm: resolved (fixed in 4.11-1)
bullseye: resolved (fixed in 4.11-1)
forky: resolved (fixed in 4.11-1)
sid: resolved (fixed in 4.11-1)
trixie: resolved (fixed in 4.11-1)
GHSA
GHSA-7mv4-9v7r-5gq3: An issue was discovered in Squid through 4
ghsa_unreviewed·2022-05-24
CVE-2019-12521 [MEDIUM] CWE-787 GHSA-7mv4-9v7r-5gq3: An issue was discovered in Squid through 4
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.
OSV
squid, squid3 vulnerabilities
osv·2020-05-13·CVSS 9.8
CVE-2019-12519 [CRITICAL] squid, squid3 vulnerabilities
Jeriko One discovered that Squid incorrectly handled certain Edge Side
Includes (ESI) responses. A malicious remote server could cause Squid to
crash, possibly poison the cache, or possibly execute arbitrary code.
(CVE-2019-12519, CVE-2019-12521)
It was discovered that Squid incorrectly handled the hostname parameter to
cachemgr.cgi when certain browsers are used. A remote attacker could
possibly use this issue to inject HTML or invalid characters in the
hostname parameter. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04
LTS, and Ubuntu 19.10. (CVE-2019-18860)
Clément Berthaux and Florian Guilbert discovered that Squid incorrectly
handled Digest Authentication nonce values. A remote attacker could
use this issue to replay nonce values, or possibly e
OSV
CVE-2019-12521: An issue was discovered in Squid through 4
osv·2020-04-15·CVSS 5.9
CVE-2019-12521 [MEDIUM] CVE-2019-12521: An issue was discovered in Squid through 4
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.
No detection rules found.
No public exploits indexed.
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html
http://www.openwall.com/lists/oss-security/2020/04/23/1
https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12521.txt
https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html
https://security.gentoo.org/glsa/202005-05
https://security.netapp.com/advisory/ntap-20210205-0006/
https://usn.ubuntu.com/4356-1/
https://www.debian.org/security/2020/dsa-4682