CVE-2019-12854
HIGH
Squid 4.0-4.7 - Denial of Service via cachemgr.cgi String Termination Error
Title source: llm
Description
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.
References (9)
Core References
Vendor Advisory x_refsource_misc
http://www.squid-cache.org/Advisories/SQUID-2019_1.txt
Vendor Advisory x_refsource_misc
https://bugs.squid-cache.org/show_bug.cgi?id=4937
Patch, Vendor Advisory x_refsource_misc
http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch
Mailing List, Third Party Advisory x_refsource_confirm
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2019/dsa-4507
Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Aug/42
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4213-1/
Scores
CVSS v3
7.5
EPSS
0.4883
EPSS Percentile
97.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (9)
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 19.04
canonical/ubuntu_linux 19.10
debian/debian_linux 10.0
fedoraproject/fedora 29
opensuse/leap 15.0
opensuse/leap 15.1
squid-cache/squid 4.0 - 4.7
Published
Aug 15, 2019
Tracked Since
Feb 18, 2026