Description

Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.

Remediation

References

CVE-2019-12854

Related Vulnerabilities

MyBB Improper Access Control Vulnerability (CVE-2015-8973)

Django Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-22818)

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9449)

WordPress Plugin Auto Post to Social Media-WordPress to Buffer Cross-Site Scripting (3.7.4)

Jenkins Insufficient Session Expiration Vulnerability (CVE-2019-1003049)

Severity

High

Classification

CVE-2019-12854 CWE-119 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities