Description

Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.

Remediation

References

CVE-2019-12854

Related Vulnerabilities

WordPress Plugin NextGEN Gallery-WordPress Gallery Multiple HTML Injection Vulnerabilities (1.9.0)

WordPress Plugin TinyMCE Custom Styles Cross-Site Scripting (1.1.2)

Ruby on Rails Improper Input Validation Vulnerability (CVE-2011-3187)

WordPress Plugin Search 10 times faster with Elasticsearch or Apache Solr with lots of data-WPSOLR Cross-Site Scripting (8.6)

WordPress Plugin gSlideShow Cross-Site Request Forgery (0.1)

Severity

High

Classification

CVE-2019-12854 CWE-119 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities