{
  "threat_severity" : "Important",
  "public_date" : "2020-04-24T00:00:00Z",
  "bugzilla" : {
    "description" : "squid: improper check for new member in ESIExpression::Evaluate allows for stack buffer overflow",
    "id" : "1827552",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1827552"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-121",
  "details" : [ "An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.", "A flaw was found in Squid through version 4.7. When handling the tag esi:when, when ESI is enabled, Squid calls the ESIExpression::Evaluate function which uses a fixed stack buffer to hold the expression. While processing the expression, there is no check to ensure that the stack won't overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." ],
  "statement" : "The squid packages are compiled with protections like stack canaries, which should reduce the chance of a successful exploitation dramatically and the most likely outcome is a crash without code execution.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-05-06T00:00:00Z",
    "advisory" : "RHSA-2020:2040",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "squid-7:3.5.20-15.el7_8.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-05-06T00:00:00Z",
    "advisory" : "RHSA-2020:2041",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "squid:4-8020020200430095908.4cda2c84"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions",
    "release_date" : "2020-05-06T00:00:00Z",
    "advisory" : "RHSA-2020:2038",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.0",
    "package" : "squid:4-8000020200428154754.f8e95b4e"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support",
    "release_date" : "2020-05-06T00:00:00Z",
    "advisory" : "RHSA-2020:2039",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.1",
    "package" : "squid:4-8010020200429095057.c27ad7f8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "squid",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "squid",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "squid34",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-12519\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-12519\nhttp://www.squid-cache.org/Advisories/SQUID-2019_12.txt\nhttps://gitlab.com/jeriko.one/security/-/blob/master/squid/CVEs/CVE-2019-12519.txt" ],
  "name" : "CVE-2019-12519",
  "csaw" : false
}