Vulnerability Details CVE-2019-12854
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.605
EPSS Ranking 98.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html
- http://www.squid-cache.org/Advisories/SQUID-2019_1.txt
- http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch
- https://bugs.squid-cache.org/show_bug.cgi?id=4937
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/
- https://seclists.org/bugtraq/2019/Aug/42
- https://usn.ubuntu.com/4213-1/
- https://www.debian.org/security/2019/dsa-4507
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html
- http://www.squid-cache.org/Advisories/SQUID-2019_1.txt
- http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch
- https://bugs.squid-cache.org/show_bug.cgi?id=4937
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/
- https://seclists.org/bugtraq/2019/Aug/42
- https://usn.ubuntu.com/4213-1/
- https://www.debian.org/security/2019/dsa-4507
Products affected by CVE-2019-12854
-
cpe:2.3:a:squid-cache:squid:4.0
-
cpe:2.3:a:squid-cache:squid:4.0.1
-
cpe:2.3:a:squid-cache:squid:4.0.10
-
cpe:2.3:a:squid-cache:squid:4.0.11
-
cpe:2.3:a:squid-cache:squid:4.0.12
-
cpe:2.3:a:squid-cache:squid:4.0.13
-
cpe:2.3:a:squid-cache:squid:4.0.14
-
cpe:2.3:a:squid-cache:squid:4.0.15
-
cpe:2.3:a:squid-cache:squid:4.0.16
-
cpe:2.3:a:squid-cache:squid:4.0.17
-
cpe:2.3:a:squid-cache:squid:4.0.18
-
cpe:2.3:a:squid-cache:squid:4.0.19
-
cpe:2.3:a:squid-cache:squid:4.0.2
-
cpe:2.3:a:squid-cache:squid:4.0.20
-
cpe:2.3:a:squid-cache:squid:4.0.21
-
cpe:2.3:a:squid-cache:squid:4.0.22
-
cpe:2.3:a:squid-cache:squid:4.0.23
-
cpe:2.3:a:squid-cache:squid:4.0.24
-
cpe:2.3:a:squid-cache:squid:4.0.25
-
cpe:2.3:a:squid-cache:squid:4.0.3
-
cpe:2.3:a:squid-cache:squid:4.0.4
-
cpe:2.3:a:squid-cache:squid:4.0.5
-
cpe:2.3:a:squid-cache:squid:4.0.6
-
cpe:2.3:a:squid-cache:squid:4.0.8
-
cpe:2.3:a:squid-cache:squid:4.0.9
-
cpe:2.3:a:squid-cache:squid:4.3
-
cpe:2.3:a:squid-cache:squid:4.4
-
cpe:2.3:a:squid-cache:squid:4.6
-
cpe:2.3:a:squid-cache:squid:4.7
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:19.04
-
cpe:2.3:o:canonical:ubuntu_linux:19.10
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:fedoraproject:fedora:29
-
cpe:2.3:o:opensuse:leap:15.0
-
cpe:2.3:o:opensuse:leap:15.1