Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2019-12519

An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.

See the

CVE page on Mitre.org for more details.

References

MISC: https://gitlab.com/jer...
MLIST: [oss-security] 2020042...
DEBIAN: DSA-4682
SUSE: openSUSE-SU-2020:0623
GENTOO: GLSA-202005-05
UBUNTU: USN-4356-1
MLIST: [debian-lts-announce] ...
CONFIRM: https://security.netap...

Launchpad.net

CVE 2019-12519

Related bugs

References