Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-12521

Опубликовано: 15 апр. 2020
Источник: nvd
CVSS3: 5.9
CVSS2: 4.3
EPSS Низкий

Описание

An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*
Версия от 3.0 (включая) до 3.5.28 (включая)
cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*
Версия от 4.0 (включая) до 4.7 (включая)
cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*
Версия от 5.0 (включая) до 5.0.1 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

EPSS

Процентиль: 57%
0.0036
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-193

Связанные уязвимости

ubuntu логотип

CVE-2019-12521

CVSS3: 5.9
ubuntu
около 5 лет назад

An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.

redhat логотип

CVE-2019-12521

CVSS3: 5.9
redhat
около 5 лет назад

An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.

debian логотип

CVE-2019-12521

CVSS3: 5.9
debian
около 5 лет назад

An issue was discovered in Squid through 4.7. When Squid is parsing ES ...

github логотип

GHSA-7mv4-9v7r-5gq3

github
около 3 лет назад

An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.

fstec логотип

BDU:2021-01724

CVSS3: 5.9
fstec
около 5 лет назад

Уязвимость механизма обработки элементов ESI прокси-сервера Squid, связанная с выходом операции за допустимые границы буфера данных, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 57%
0.0036
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-193