Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2019-12519
HistoryApr 15, 2020 - 8:15 p.m.

CVE-2019-12519

2020-04-1520:15:00
Debian Security Bug Tracker
security-tracker.debian.org
12

0.013 Low

EPSS

Percentile

85.7%

An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it’s being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won’t overflow.