squid-cache squid CVE-2019-12521 vulnerability in Squid Cache and Other Products
Published on April 15, 2020

product logo product logo product logo product logo
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD


Products Associated with CVE-2019-12521

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-12521 are published in these products:

Squid Cache Squid
 
Canonical Ubuntu Linux
 
Debian Linux
 
OpenSuse Leap
 

Exploit Probability

EPSS
0.57%
Percentile
68.11%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.