Vulnerability CVE-2019-12519: Information
Description
An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| squid | sisyphus | 4.11-alt1 | 6.8-alt1 | ALT-PU-2020-1909-1 | 250949 | Fixed |
| squid | p10 | 4.11-alt1 | 6.6-alt1 | ALT-PU-2020-1909-1 | 250949 | Fixed |
| squid | p9 | 4.13-alt1 | 4.13-alt1 | ALT-PU-2020-3140-1 | 260355 | Fixed |
| squid | c10f1 | 4.11-alt1 | 6.6-alt1 | ALT-PU-2020-1909-1 | 250949 | Fixed |
| squid | c9f2 | 4.13-alt1 | 4.15-alt1 | ALT-PU-2020-3142-1 | 260359 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt |
|
| [oss-security] 20200423 [ADVISORY] SQUID-2019:12 Multiple issues in ESI Response processing |
|
| DSA-4682 |
|
| openSUSE-SU-2020:0623 |
|
| GLSA-202005-05 |
|
| USN-4356-1 |
|
| [debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update |
|
| https://security.netapp.com/advisory/ntap-20210205-0006/ |
|