CVE-2019-12854

Published: Aug 15, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.

Affected (9)

Products: Squid Cache: Squid · Debian: Debian Linux · Fedoraproject: Fedora · +2 more

Show all products

Squid Cache: Squid · Debian: Debian Linux · Fedoraproject: Fedora · Canonical: Ubuntu Linux · Opensuse: Leap

1 product

1 product

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Squid Cache Squid	From 4.0 to 4.7

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Fedoraproject Fedora	Version 29

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 19.04
Canonical Ubuntu Linux	Version 19.10

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.0
Opensuse Leap	Version 15.1

References (18)

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.squid-cache.org/Advisories/SQUID-2019_1.txt

Source: cve@mitre.org

Vendor Advisory

http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch

Source: cve@mitre.org

PatchVendor Advisory

https://bugs.squid-cache.org/show_bug.cgi?id=4937

Source: cve@mitre.org

Vendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/

Source: cve@mitre.org

https://seclists.org/bugtraq/2019/Aug/42

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://usn.ubuntu.com/4213-1/

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2019/dsa-4507

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.squid-cache.org/Advisories/SQUID-2019_1.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://bugs.squid-cache.org/show_bug.cgi?id=4937

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://seclists.org/bugtraq/2019/Aug/42

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://usn.ubuntu.com/4213-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2019/dsa-4507

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.