CVE-2019-12519

CVE-2019-12519

An issue was discovered in Squid through 4.7. When handling the tag esi:when when ESI is enabled, Squid calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it’s being evaluated. When processing the expression, it could either evaluate the top of the stack, or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won’t overflow.

Source: CVE-2019-12519

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다