Allele Security Alert
ASA-2019-00451, CVE-2019-12854, SQUID-2019:1
Denial of Service issue in cachemgr.cgi
The Squid project
Squid versions 4.x up to and including 4.7
Squid version 4.8
Proof of concept
Due to incorrect string termination the cachemgr.cgi may access unallocated memory. On systems with memory access protections this can result in the CGI process terminating unexpectedly. Resulting in a denial of service for all clients using it.
Alex Rousskov (The Measurement Factory)
Squid Proxy Cache Security Update Advisory SQUID-2019:1
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: July 23, 2019