CVE-2019-12854
CVE-2019-12854
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.htmlhttps://bugs.squid-cache.org/show_bug.cgi?id=4937https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/https://seclists.org/bugtraq/2019/Aug/42https://usn.ubuntu.com/4213-1/https://www.debian.org/security/2019/dsa-4507http://www.squid-cache.org/Advisories/SQUID-2019_1.txthttp://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch