Allele Security Alert
ASA-2019-00451
Identifier(s)
ASA-2019-00451, CVE-2019-12854, SQUID-2019:1
Title
Denial of Service issue in cachemgr.cgi
Vendor(s)
The Squid project
Product(s)
Squid
Affected version(s)
Squid versions 4.x up to and including 4.7
Fixed version(s)
Squid version 4.8
Proof of concept
Unknown
Description
Due to incorrect string termination the cachemgr.cgi may access unallocated memory. On systems with memory access protections this can result in the CGI process terminating unexpectedly. Resulting in a denial of service for all clients using it.
Technical details
Unknown
Credits
Alex Rousskov (The Measurement Factory)
Reference(s)
Squid Proxy Cache Security Update Advisory SQUID-2019:1
http://www.squid-cache.org/Advisories/SQUID-2019_1.txt
CVE-2019-12854
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12854
CVE-2019-12854
https://nvd.nist.gov/vuln/detail/CVE-2019-12854
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: July 23, 2019