CVE-2019-12521 - log

CVE-2019-12521 edited at 30 Apr 2020 08:17:48
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Content spoofing
Description
+ A heap-based out-of-bounds write has been found in Squid before 4.11 or 5.0.2, where a crafted ESI response sent from an upstream server can truncate portions of generated payloads, poisoning the HTTP response cache with corrupted objects. On systems with heap overflow protection, the overflow will shut down the proxy, causing a denial of service for all clients accessing the Squid service.
References
+ http://www.squid-cache.org/Advisories/SQUID-2019_12.txt
+ http://www.squid-cache.org/Versions/v4/changesets/squid-4-fdd4123629320aa1ee4c3481bb392437c90d188d.patch
Notes
CVE-2019-12521 created at 30 Apr 2020 08:11:40