Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2020-AVI-239
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Squid. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Squid versions ant\u00e9rieures \u00e0 4.11",
"product": {
"name": "Squid",
"vendor": {
"name": "Squid",
"scada": false
}
}
},
{
"description": "Squid versions 5.0.x ant\u00e9rieures \u00e0 5.0.2",
"product": {
"name": "Squid",
"vendor": {
"name": "Squid",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-12519",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12519"
},
{
"name": "CVE-2019-12521",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12521"
},
{
"name": "CVE-2020-11945",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11945"
}
],
"initial_release_date": "2020-04-23T00:00:00",
"last_revision_date": "2020-04-23T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-239",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-04-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Squid. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Squid",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2019_12 du 23 avril 2020",
"url": "http://www.squid-cache.org/Advisories/SQUID-2019_12.txt"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Squid SQUID-2020_4 du 23 avril 2020",
"url": "http://www.squid-cache.org/Advisories/SQUID-2020_4.txt"
}
]
}
CVE-2019-12519 (GCVE-0-2019-12519)
Vulnerability from cvelistv5
Published
2020-04-15 19:20
Modified
2024-08-04 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:37.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt"
},
{
"name": "[oss-security] 20200423 [ADVISORY] SQUID-2019:12 Multiple issues in ESI Response processing",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/23/1"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "openSUSE-SU-2020:0623",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "GLSA-202005-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-05"
},
{
"name": "USN-4356-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it\u0027s being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won\u0027t overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-05T11:06:15",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt"
},
{
"name": "[oss-security] 20200423 [ADVISORY] SQUID-2019:12 Multiple issues in ESI Response processing",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/23/1"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "openSUSE-SU-2020:0623",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "GLSA-202005-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-05"
},
{
"name": "USN-4356-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it\u0027s being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won\u0027t overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt",
"refsource": "MISC",
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt"
},
{
"name": "[oss-security] 20200423 [ADVISORY] SQUID-2019:12 Multiple issues in ESI Response processing",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/04/23/1"
},
{
"name": "DSA-4682",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "openSUSE-SU-2020:0623",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "GLSA-202005-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-05"
},
{
"name": "USN-4356-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210205-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12519",
"datePublished": "2020-04-15T19:20:41",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:37.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11945 (GCVE-0-2020-11945)
Vulnerability from cvelistv5
Published
2020-04-23 14:16
Modified
2024-08-04 11:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:42:00.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/pull/585"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/23/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1170313"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "openSUSE-SU-2020:0623",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "GLSA-202005-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-05"
},
{
"name": "FEDORA-2020-848065cc4c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FWQRYZJPHAZBLXJ56FPCHJN5X2FP3VA/"
},
{
"name": "FEDORA-2020-a6a921a591",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RV2VZWFJNO3B56IVN56HHKJASG5DYUIX/"
},
{
"name": "FEDORA-2020-56e809930e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4MWXEZAJSOGRJSS2JCJK4WBSND4IV46/"
},
{
"name": "USN-4356-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210304-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-04T12:06:30",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/pull/585"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/23/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1170313"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "openSUSE-SU-2020:0623",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "GLSA-202005-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-05"
},
{
"name": "FEDORA-2020-848065cc4c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FWQRYZJPHAZBLXJ56FPCHJN5X2FP3VA/"
},
{
"name": "FEDORA-2020-a6a921a591",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RV2VZWFJNO3B56IVN56HHKJASG5DYUIX/"
},
{
"name": "FEDORA-2020-56e809930e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4MWXEZAJSOGRJSS2JCJK4WBSND4IV46/"
},
{
"name": "USN-4356-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210304-0004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch",
"refsource": "MISC",
"url": "http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch"
},
{
"name": "http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch",
"refsource": "MISC",
"url": "http://master.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch"
},
{
"name": "https://github.com/squid-cache/squid/pull/585",
"refsource": "MISC",
"url": "https://github.com/squid-cache/squid/pull/585"
},
{
"name": "https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811",
"refsource": "MISC",
"url": "https://github.com/squid-cache/squid/commit/eeebf0f37a72a2de08348e85ae34b02c34e9a811"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/04/23/2",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2020/04/23/2"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1170313",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1170313"
},
{
"name": "DSA-4682",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "openSUSE-SU-2020:0623",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "GLSA-202005-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-05"
},
{
"name": "FEDORA-2020-848065cc4c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4FWQRYZJPHAZBLXJ56FPCHJN5X2FP3VA/"
},
{
"name": "FEDORA-2020-a6a921a591",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RV2VZWFJNO3B56IVN56HHKJASG5DYUIX/"
},
{
"name": "FEDORA-2020-56e809930e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H4MWXEZAJSOGRJSS2JCJK4WBSND4IV46/"
},
{
"name": "USN-4356-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210304-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210304-0004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11945",
"datePublished": "2020-04-23T14:16:55",
"dateReserved": "2020-04-20T00:00:00",
"dateUpdated": "2024-08-04T11:42:00.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12521 (GCVE-0-2019-12521)
Vulnerability from cvelistv5
Published
2020-04-15 18:47
Modified
2024-08-04 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12521.txt"
},
{
"name": "[oss-security] 20200423 [ADVISORY] SQUID-2019:12 Multiple issues in ESI Response processing",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/23/1"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "openSUSE-SU-2020:0623",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "GLSA-202005-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-05"
},
{
"name": "USN-4356-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it\u0027s off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can\u0027t affect adjacent memory blocks, and thus just leads to a crash while processing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-05T11:06:18",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12521.txt"
},
{
"name": "[oss-security] 20200423 [ADVISORY] SQUID-2019:12 Multiple issues in ESI Response processing",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/23/1"
},
{
"name": "DSA-4682",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "openSUSE-SU-2020:0623",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "GLSA-202005-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-05"
},
{
"name": "USN-4356-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it\u0027s off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can\u0027t affect adjacent memory blocks, and thus just leads to a crash while processing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12521.txt",
"refsource": "MISC",
"url": "https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12521.txt"
},
{
"name": "[oss-security] 20200423 [ADVISORY] SQUID-2019:12 Multiple issues in ESI Response processing",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/04/23/1"
},
{
"name": "DSA-4682",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4682"
},
{
"name": "openSUSE-SU-2020:0623",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00018.html"
},
{
"name": "GLSA-202005-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-05"
},
{
"name": "USN-4356-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4356-1/"
},
{
"name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2278-1] squid3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210205-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210205-0006/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12521",
"datePublished": "2020-04-15T18:47:43",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…