CVE-2019-12854
Description
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
44.493
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| squid security update(DSA-4507-1) squid_4.6-1+deb10u1_amd64.deb | Linux |
| Web proxy cache server (USN-4213-1) squid_4.4-1ubuntu2.3_i386.deb | Linux |
| Web proxy cache server (USN-4213-1) squid_4.4-1ubuntu2.3_amd64.deb | Linux |
| Web proxy cache server (USN-4213-1) squid_4.8-1ubuntu2.1_i386.deb | Linux |
| Web proxy cache server (USN-4213-1) squid_4.8-1ubuntu2.1_amd64.deb | Linux |
| Web proxy cache server (USN-4213-1) squid3_3.5.12-1ubuntu7.9_all.deb | Linux |
| Web proxy cache server (USN-4213-1) squid3_3.5.27-1ubuntu1.4_all.deb | Linux |
| (RHSA-2020:4743) squid:4 security, bug fix, and enhancement update squid-4.11-3.module+el8.3.0+7851+7808b5f9.x86_64.rpm | Linux |
| (RHSA-2020:4743) squid:4 security, bug fix, and enhancement update squid-debugsource-4.11-3.module+el8.3.0+7851+7808b5f9.x86_64.rpm | Linux |
| Web proxy cache server (USN-4213-1) squid3_3.5.27-1ubuntu1.4_all.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234