CVE-2019-12854 - Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memor

CVE-2019-12854

Summary

Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.

References

Vulnerable Configurations

cpe:2.3:a:squid-cache:squid:4.0:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.11:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.11:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.13:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.13:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.14:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.14:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.15:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.15:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.16:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.16:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.17:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.17:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.18:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.18:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.19:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.19:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.20:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.20:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.21:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.21:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.22:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.22:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.23:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.23:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.24:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.24:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.25:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.0.25:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.3:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.3:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.4:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.4:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.6:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.6:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.7:*:*:*:*:*:*:*
cpe:2.3:a:squid-cache:squid:4.7:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 01-01-2022 - 20:18)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

redhat via4

rpms

libecap-0:1.0.1-2.module+el8.1.0+4044+36416a77
libecap-debuginfo-0:1.0.1-2.module+el8.1.0+4044+36416a77
libecap-debugsource-0:1.0.1-2.module+el8.1.0+4044+36416a77
libecap-devel-0:1.0.1-2.module+el8.1.0+4044+36416a77
squid-7:4.11-3.module+el8.3.0+7851+7808b5f9
squid-debuginfo-7:4.11-3.module+el8.3.0+7851+7808b5f9
squid-debugsource-7:4.11-3.module+el8.3.0+7851+7808b5f9

refmap via4

bugtraq	20190825 [SECURITY] [DSA 4507-1] squid security update
confirm	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/
debian	DSA-4507
misc	http://www.squid-cache.org/Advisories/SQUID-2019_1.txt http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch https://bugs.squid-cache.org/show_bug.cgi?id=4937
suse	openSUSE-SU-2019:2540 openSUSE-SU-2019:2541
ubuntu	USN-4213-1

Last major update

01-01-2022 - 20:18

Published

15-08-2019 - 17:15

Last modified

01-01-2022 - 20:18