squid-cache squid CVE-2019-12519 vulnerability in Squid Cache and Other Products
Published on April 15, 2020

An issue was discovered in Squid through 4.7. When handling the esi:when tag while ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it can either evaluate the top of the stack or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.
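
The bug class described above, shown as an added example with the missing check in place. This is not Squid's code: the names (eval_stack, stack_push, eval_postfix), the capacity of 20 and the simplified postfix grammar are assumptions made for illustration.

```c
#include <stddef.h>
#define EVAL_STACK_DEPTH 20  /* assumed capacity, chosen for illustration */

typedef struct {
    int items[EVAL_STACK_DEPTH];   /* fixed buffer holding the expression */
    size_t depth;                  /* number of members currently stored */
} eval_stack;

/* Add a new member; refuse instead of writing past the end of the buffer. */
static int stack_push(eval_stack *s, int v)
{
    if (s->depth >= EVAL_STACK_DEPTH) return -1;  /* the check the advisory says was absent */
    s->items[s->depth++] = v;
    return 0;
}

static int stack_pop(eval_stack *s, int *out)
{
    if (s->depth == 0) return -1;  /* underflow: operator without operand */
    *out = s->items[--s->depth];
    return 0;
}

/* Evaluate a postfix boolean expression: '0'/'1' add a member, '!' '&' '|'
 * evaluate the top of the stack. Returns 0 or 1 on success, -1 on malformed
 * input or when the expression needs more than EVAL_STACK_DEPTH members. */
int eval_postfix(const char *expr)
{
    eval_stack s = { {0}, 0 };
    int a, b;
    for (; *expr; ++expr) {
        switch (*expr) {
        case '0': case '1':
            if (stack_push(&s, *expr - '0') < 0) return -1;
            break;
        case '!':
            if (stack_pop(&s, &a) < 0) return -1;
            stack_push(&s, !a);    /* cannot fail: a slot was just freed */
            break;
        case '&': case '|':
            if (stack_pop(&s, &b) < 0 || stack_pop(&s, &a) < 0) return -1;
            stack_push(&s, *expr == '&' ? (a & b) : (a | b));
            break;
        case ' ': break;
        default: return -1;        /* unknown token */
        }
    }
    return (s.depth == 1) ? s.items[0] : -1;
}
```

An expression that needs a 21st member is rejected with -1 rather than written beyond items[], so attacker-controlled expression length cannot corrupt adjacent stack memory.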


Exploit Probability

EPSS: 7.54%
Percentile: 91.66%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.