Bug 1827552 (CVE-2019-12519)
| Summary: | CVE-2019-12519 squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow |
|---|---|
| Product: | [Other] Security Response |
| Component: | vulnerability |
| Reporter: | Marian Rehak <mrehak> |
| Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA |
| Severity: | high |
| Priority: | high |
| Version: | unspecified |
| CC: | anon.amish, code, jonathansteffan, luhliari, mkyral, yozone |
| Keywords: | Security |
| Hardware: | All |
| OS: | Linux |
| Fixed In Version: | squid 4.11, squid 5.0.2 |
| Doc Text: | A flaw was found in Squid through version 4.7. When ESI is enabled and Squid handles the esi:when tag, it calls the ESIExpression::Evaluate function, which uses a fixed stack buffer to hold the expression. While processing the expression, there is no check to ensure that the stack won't overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
| Last Closed: | 2020-05-06 16:31:57 UTC |
| Bug Depends On: | 1828360, 1828362, 1828364, 1828366, 1828368, 1828370 |
| Bug Blocks: | 1827553 |

Description
Marian Rehak
2020-04-24 07:51:47 UTC
External References:

http://www.squid-cache.org/Advisories/SQUID-2019_12.txt
https://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt

Statement:

The squid packages are compiled with protections like stack canaries, which should reduce the chance of a successful exploitation dramatically and the most likely outcome is a crash without code execution.

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:2038 https://access.redhat.com/errata/RHSA-2020:2038

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:2039 https://access.redhat.com/errata/RHSA-2020:2039

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:2041 https://access.redhat.com/errata/RHSA-2020:2041

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:2040 https://access.redhat.com/errata/RHSA-2020:2040

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-12519