CVE-2019-12521

MEDIUM Year: 2019
CVSS v3 Score
5.9
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-193
View all →

Vulnerability Description

An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.

Related Vulnerabilities

CVE-2021-4070

MEDIUM
CVSS:5.9(Medium)

Off-by-one Error in GitHub repository v2fly/v2ray-core prior to 4.44.0.

CWE-1932021

CVE-2020-27171

MEDIUM
CVSS:6.0(Medium)

An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic,...

CWE-1932020

CVE-2001-1391

MEDIUM
CVSS:5.5(Medium)

Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory.

CWE-1932001

CVE-2004-0342

MEDIUM
CVSS:5.5(Medium)

WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 ch...

CWE-1932004

CVE-2017-2618

MEDIUM
CVSS:5.5(Medium)

A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to a...

CWE-1932017

CVE-2019-9209

MEDIUM
CVSS:5.5(Medium)

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with ex...

CWE-1932019