CVE-2019-12854
CVSS 3.1: 7.5 (HIGH)
EPSS: 38.0%
Description
Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.
How to fix CVE-2019-12854
To remediate CVE-2019-12854, upgrade the affected package to a fixed version listed below.
- Debian/squid: upgrade to 4.8-1 or later
Is CVE-2019-12854 being exploited?
Moderate: EPSS is 38.0%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (1)
- Debian/squid: from 0, < 4.8-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |