Showing 1 - 3 of 3

CVE-2019-12521

Status Candidate

Overview

An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.

Related Files

Red Hat Security Advisory 2020-4743-01: Posted Nov 4, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-4743-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include buffer overflow, bypass, cross site request forgery, denial of service, heap overflow, information leakage, and out of bounds read vulnerabilities.; tags | advisory, web, denial of service, overflow, vulnerability, csrf; systems | linux, redhat; advisories | CVE-2019-12520, CVE-2019-12521, CVE-2019-12523, CVE-2019-12524, CVE-2019-12526, CVE-2019-12528, CVE-2019-12529, CVE-2019-12854, CVE-2019-18676, CVE-2019-18677, CVE-2019-18678, CVE-2019-18679, CVE-2019-18860, CVE-2020-14058, CVE-2020-15049, CVE-2020-24606, CVE-2020-8449, CVE-2020-8450; SHA-256 | 6a36bcffb87c3fe39872c03d6a9977d9fae1e90b42488ae64fd7e983caa0c436; Download | Favorite | View

Debian Security Advisory 4682-1: Posted May 28, 2020; Authored by Debian | Site debian.org; Debian Linux Security Advisory 4682-1 - Multiple security issues were discovered in the Squid proxy caching server, which could result in the bypass of security filters, information disclosure, the execution of arbitrary code or denial of service.; tags | advisory, denial of service, arbitrary, info disclosure; systems | linux, debian; advisories | CVE-2019-12519, CVE-2019-12520, CVE-2019-12521, CVE-2019-12523, CVE-2019-12524, CVE-2019-12526, CVE-2019-12528, CVE-2019-18676, CVE-2019-18677, CVE-2019-18678, CVE-2019-18679, CVE-2020-11945, CVE-2020-8449, CVE-2020-8450; SHA-256 | 87ca95b4ae1d88238583d52bb863f0a6581ef8c84693704ff5fc9f5b91f4325a; Download | Favorite | View

Gentoo Linux Security Advisory 202005-05: Posted May 13, 2020; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202005-5 - Multiple vulnerabilities have been found in Squid, the worst of which could result in the arbitrary execution of code. Versions less than 4.11 are affected.; tags | advisory, arbitrary, vulnerability; systems | linux, gentoo; advisories | CVE-2019-12519, CVE-2019-12521, CVE-2020-11945; SHA-256 | f86a32f4b05bd5ead7ea9b9b8aecfcac7e286aa57a83dda6bfa09afe82284eea; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

CVE-2019-12521

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems