Loading
Generated remediation guidance and an executive summary. No account required.
An issue was discovered in Squid through 4.7. When Squid is parsing ESI, it keeps the ESI elements in ESIContext. ESIContext contains a buffer for holding a stack of ESIElements. When a new ESIElement is parsed, it is added via addStackElement. addStackElement has a check for the number of elements in this buffer, but it's off by 1, leading to a Heap Overflow of 1 element. The overflow is within the same structure so it can't affect adjacent memory blocks, and thus just leads to a crash while processing.
Cite this page
CVE-2019-12521. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2019-12521
Use CWE-193, Squid-Cache vendor hub and Squid product page to widen CVE-2019-12521 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2025-62168, CVE-2025-54574 and CVE-2026-33526 for nearby disclosures in the same product family.