Published: 15 April 2020

An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.



CVSS 3 base score: 5.9


Package Release Status
Launchpad, Ubuntu, Debian
Released (4.11)
Ubuntu 20.10 (Groovy Gorilla)
Released (4.10-1ubuntu2)
Ubuntu 20.04 LTS (Focal Fossa)
Released (4.10-1ubuntu1.1)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 LTS (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 20.10 (Groovy Gorilla) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver)
Released (3.5.27-1ubuntu1.6)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (3.5.12-1ubuntu7.11)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist