logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2019-12519

Description

An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.


Affected Package


OS OS Version Package Name Package Version
ubuntu 19.10 squid 4.8-1ubuntu2.3
ubuntu 20.04 squid 4.10-1ubuntu1.1
ubuntu 20.10 squid 4.10-1ubuntu2
ubuntu 21.04 squid 4.10-1ubuntu2
ubuntu upstream squid 4.11
ubuntu 12.04 squid3 any
ubuntu upstream squid3 any
ubuntu 16.04 squid3 3.5.12-1ubuntu7.11

Related