cbcvebase.
CVE-2019-12521
published 2020-04-15


Priority P433 | medium 5.9 (CVSS 3.1)
AV:N / AC:H / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 5.76% (92.1th percentile)

An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.

Affected

16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | squid | < squid 4.11-1 (bookworm) | squid 4.11-1 (bookworm) |
| opensuse | leap | | |
| squid-cache | squid | 3.0 – 3.5.28 | |
| squid-cache | squid | 4.0 – 4.7 | |
| squid-cache | squid | 5.0 – 5.0.1 | |
| squid | squid | >= 0 < 4.11-1 | 4.11-1 |
| squid | squid | >= 0 < 4.11-1 | 4.11-1 |
| squid | squid | >= 0 < 4.11-1 | 4.11-1 |
| squid | squid | >= 0 < 4.11-1 | 4.11-1 |
| squid | squid | >= 0 < 4.10-1ubuntu1.1 | 4.10-1ubuntu1.1 |

CVSS provenance

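| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 9.8 | CRITICAL | |
| vendor_debian | | 5.9 | MEDIUM | |
| vendor_redhat | | 5.9 | MEDIUM | |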