PT-2019-5500 · Squid+7 · Squid+8

Alex Rousskov

Publicado

2019-07-15

Atualizado

2024-06-15

CVE-2019-12854

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Squid versions 4.0 through 4.7

Description The issue is related to incorrect string termination in the cachemgr.cgi component of the Squid proxy server, which can lead to accessing unallocated memory. This can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it. The vulnerability is also described as a buffer overflow in memory, which can be exploited by a remote attacker to cause a denial of service.

Recommendations For Squid versions 4.0 through 4.7, consider disabling the cachemgr.cgi component as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALSA-2020:4743

ALT-PU-2019-2264

ALT-PU-2019-2271

BDU:2020-03316

CESA-2020_4743

CVE-2019-12854

DSA-4507-1

MGASA-2019-0266

OPENSUSE-SU-2019:2540-1

OPENSUSE-SU-2019:2541-1

OPENSUSE-SU-2019_2540-1

OPENSUSE-SU-2019_2541-1

OPENSUSE-SU-2024:11403-1

RHSA-2020:4743

RHSA-2020_4743

RLSA-2020:4743

SUSE-SU-2019:2975-1

USN-4213-1

Produtos afetados

Alt Linux

Almalinux

Centos

Red Hat

Rocky Linux

Squid

Squid Cache

Suse

Ubuntu

PT-2019-5500 · Squid+7 · Squid+8

CVE-2019-12854

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 133