CVE-2019-12854

CVSS v3.1 7.5 (High)

CVSS v2.0 5 (Medium)

EPSS 0.63 % (80^th)

Affected Products 5

Advisories 9

Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.

Weaknesses

CWE-NVD-noinfo

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2019-08-15 17:15:12
(5 years ago)
Updated Date: 2023-11-07 03:03:42
(10 months ago)

Affected Products

Configuration #1

		CPE23	From	Up To
	Squid-cache Squid from 4.0 version and 4.7 and prior versions	cpe:2.3:a:squid-cache:squid	>= 4.0	<= 4.7

Configuration #2

		CPE23	From	Up To
	Debian Linux 10.0	cpe:2.3:o:debian:debian_linux:10.0
	Fedoraproject Fedora 29	cpe:2.3:o:fedoraproject:fedora:29

Configuration #3

		CPE23	From	Up To
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:esm
	Canonical Ubuntu Linux 18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04:::*:lts
	Canonical Ubuntu Linux 19.04	cpe:2.3:o:canonical:ubuntu_linux:19.04
	Canonical Ubuntu Linux 19.10	cpe:2.3:o:canonical:ubuntu_linux:19.10

Configuration #4

		CPE23	From	Up To
	Opensuse Leap 15.0	cpe:2.3:o:opensuse:leap:15.0
	Opensuse Leap 15.1	cpe:2.3:o:opensuse:leap:15.1

Weaknesses

Affected Products

Canonical

Debian

Fedoraproject

Opensuse

Squid-cache

Configuration #1

Configuration #2

Configuration #3

Configuration #4