CVE-2019-12854
First published: Thu Aug 15 2019(Updated: )
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Squid-Cache Squid | >=4.0<=4.7 | |
| Debian Debian Linux | =10.0 | |
| Fedoraproject Fedora | =29 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =19.04 | |
| Canonical Ubuntu Linux | =19.10 | |
| openSUSE Leap | =15.0 | |
| openSUSE Leap | =15.1 | |
| debian/squid | 4.13-10+deb11u3 5.7-2+deb12u2 6.12-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html
- http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html
- http://www.squid-cache.org/Advisories/SQUID-2019_1.txt
- http://www.squid-cache.org/Versions/v4/changesets/squid-4-2981a957716c61ff7e21eee1d7d6eb5a237e466d.patch
- https://bugs.squid-cache.org/show_bug.cgi?id=4937
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/
- https://seclists.org/bugtraq/2019/Aug/42
- https://usn.ubuntu.com/4213-1/
- https://www.debian.org/security/2019/dsa-4507
- https://launchpad.net/bugs/cve/CVE-2019-12854
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPXN2CLAGN5QSQBTOV5IGVLDOQSRFNTZ/
- https://security-tracker.debian.org/tracker/CVE-2019-12854
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12854
- https://nvd.nist.gov/vuln/detail/CVE-2019-12854
- https://ubuntu.com/security/CVE-2019-12854
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID is CVE-2019-12854.
What is the severity level of CVE-2019-12854?
The severity level of CVE-2019-12854 is high.
What is the affected software for CVE-2019-12854?
The affected software for CVE-2019-12854 includes Squid cachemgr.cgi 4.0 through 4.7 versions.
How can CVE-2019-12854 be exploited?
CVE-2019-12854 can be exploited by accessing unallocated memory in Squid cachemgr.cgi 4.0 through 4.7 versions.
How can I fix CVE-2019-12854?
To fix CVE-2019-12854, update Squid to version 4.8-1 or apply the appropriate patches provided by the vendor.
- collector/nvd-index
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- agent/remedy
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-cve
- source/NVD
- agent/last-modified-date
- agent/trending
- vendor/squid-cache
- canonical/squid-cache squid
- version/squid-cache squid/4.0
- version/squid-cache squid/4.7
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/29
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/19.04
- version/canonical ubuntu linux/19.10
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.0
- version/opensuse leap/15.1
- package-manager/debian