Lucene search

K
alpinelinuxAlpine Linux Development TeamALPINE:CVE-2019-12519
HistoryApr 15, 2020 - 8:15 p.m.

CVE-2019-12519

2020-04-1520:15:00
Alpine Linux Development Team
security.alpinelinux.org
6

0.013 Low

EPSS

Percentile

85.7%

An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it’s being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won’t overflow.

OSVersionArchitecturePackageVersionFilename
Alpine3.10-mainnoarchsquid< 4.11-r0UNKNOWN
Alpine3.11-mainnoarchsquid< 4.11-r0UNKNOWN
Alpine3.9-mainnoarchsquid< 4.11-r0UNKNOWN