CVE-2019-12854

Опубликовано: 15 авг. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Средний

Описание

Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html
Mailing List
Third Party Advisory
http://www.squid-cache.org/Advisories/SQUID-2019_1.txt
Vendor Advisory
http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch
Patch
Vendor Advisory
https://bugs.squid-cache.org/show_bug.cgi?id=4937
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/
https://seclists.org/bugtraq/2019/Aug/42
Mailing List
Third Party Advisory
https://usn.ubuntu.com/4213-1/
Third Party Advisory
https://www.debian.org/security/2019/dsa-4507
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html
Mailing List
Third Party Advisory
http://www.squid-cache.org/Advisories/SQUID-2019_1.txt
Vendor Advisory
http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch
Patch
Vendor Advisory
https://bugs.squid-cache.org/show_bug.cgi?id=4937
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/
https://seclists.org/bugtraq/2019/Aug/42
Mailing List
Third Party Advisory
https://usn.ubuntu.com/4213-1/
Third Party Advisory
https://www.debian.org/security/2019/dsa-4507
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*

Версия от 4.0 (включая) до 4.7 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.44493

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2019-12854

CVSS3: 7.5

ubuntu

почти 6 лет назад

CVE-2019-12854

CVSS3: 4.3

redhat

почти 6 лет назад

CVE-2019-12854

CVSS3: 7.5

debian

почти 6 лет назад

Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4. ...

GHSA-pxgg-fcwc-pc9f

CVSS3: 7.5

github

около 3 лет назад

BDU:2020-03316

CVSS3: 7.5

fstec

почти 6 лет назад

Уязвимость компонента cachemgr.cgi прокси-сервера Squid, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 97%

0.44493

Средний

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo