CVE-2019-12519
squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.
Se detectó un problema en Squid versiones hasta 4.7. Cuando se maneja la etiqueta esi:when cuando ESI está habilitado, Squid llama a la función ESIExpression::Evaluate. Esta función usa un búfer de pila fijado para contener la expresión mientras se está evaluando. Cuando de procesa la expresión, podría evaluar la parte superior de la pila o agregar un nuevo miembro en la pila. Cuando se agrega un nuevo miembro, no se realiza ninguna comprobación para asegurar que la pila no se desborde.
A flaw was found in Squid through version 4.7. When handling the tag esi:when, when ESI is enabled, Squid calls the ESIExpression::Evaluate function which uses a fixed stack buffer to hold the expression. While processing the expression, there is no check to ensure that the stack won't overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-06-02 CVE Reserved
- 2020-04-15 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-121: Stack-based Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (10)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2020/04/23/1 | Mailing List | |
https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt | Third Party Advisory | |
https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html | Mailing List | |
https://security.netapp.com/advisory/ntap-20210205-0006 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html | 2021-02-11 | |
https://security.gentoo.org/glsa/202005-05 | 2021-02-11 | |
https://usn.ubuntu.com/4356-1 | 2021-02-11 | |
https://www.debian.org/security/2020/dsa-4682 | 2021-02-11 | |
https://access.redhat.com/security/cve/CVE-2019-12519 | 2020-05-06 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1827552 | 2020-05-06 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | >= 3.0 <= 3.5.28 Search vendor "Squid-cache" for product "Squid" and version " >= 3.0 <= 3.5.28" | - |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | >= 4.0 <= 4.10 Search vendor "Squid-cache" for product "Squid" and version " >= 4.0 <= 4.10" | - |
Affected
| ||||||
Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | >= 5.0 <= 5.0.1 Search vendor "Squid-cache" for product "Squid" and version " >= 5.0 <= 5.0.1" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.10" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 20.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "20.04" | lts |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
|