vulnerability
Huawei EulerOS: CVE-2019-12521: squid security update
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:N/A:P) | Apr 15, 2020 | Sep 28, 2020 | Aug 13, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:P)
Published
Apr 15, 2020
Added
Sep 28, 2020
Modified
Aug 13, 2025
Description
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.
Solutions
huawei-euleros-2_0_sp3-upgrade-squidhuawei-euleros-2_0_sp3-upgrade-squid-migration-script
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.