Description
An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.
Remediation
References
Related Vulnerabilities
Liferay DXP Other Vulnerability (CVE-2024-25150)
WordPress Plugin Kish Guest Posting 'uploadify.php' Arbitrary File Upload (1.2)
WordPress Plugin YITH Custom Thank You Page for Woocommerce Security Bypass (1.1.6)
WordPress Plugin DethemeKit For Elementor Multiple Cross-Site Scripting Vulnerabilities (1.5.5.4)
WordPress Plugin Connections Business Directory Unspecified Vulnerability (10.4.7)