Due to incorrect string termination, Squid cachemgr.cgi 4.0 through 4.7 may access unallocated memory. On systems with memory access protections, this can cause the CGI process to terminate unexpectedly, resulting in a denial of service for all clients using it.
https://bugs.squid-cache.org/show_bug.cgi?id=4937
http://www.squid-cache.org/Advisories/SQUID-2019_1.txt
https://www.debian.org/security/2019/dsa-4507
https://seclists.org/bugtraq/2019/Aug/42
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00056.html
http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00053.html
Source: MITRE
Published: 2019-08-15
Updated: 2022-01-01
Type: NVD-CWE-noinfo
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
Base Score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH