CVE Vulnerabilities

CVE-2019-12521

Off-by-one Error

Published: Apr 15, 2020 | Modified: Jul 21, 2021
CVSS 3.x
5.9
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
5.9 MODERATE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM

An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but its off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it cant affect adjacent memory blocks, and thus just leads to a crash while processing.

Weakness

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

Affected Software

Name Vendor Start Version End Version
Squid Squid-cache 3.0 (including) 3.5.28 (including)
Squid Squid-cache 4.0 (including) 4.7 (including)
Squid Squid-cache 5.0 (including) 5.0.1 (including)
Red Hat Enterprise Linux 8 RedHat squid:4-8030020200828070549.30b713e6 *
Squid Ubuntu devel *
Squid Ubuntu eoan *
Squid Ubuntu focal *
Squid Ubuntu groovy *
Squid Ubuntu hirsute *
Squid Ubuntu trusty *
Squid Ubuntu upstream *
Squid3 Ubuntu bionic *
Squid3 Ubuntu precise/esm *
Squid3 Ubuntu trusty *
Squid3 Ubuntu xenial *

Potential Mitigations

References