CVE-2018-19132

Name	CVE-2018-19132
Description	Squid before 4.4, when SNMP is enabled, allows a denial of service (Memory Leak) via an SNMP packet.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-1596-1, DLA-2278-1
Debian Bugs	912294

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
squid (PTS)	bullseye	4.13-10+deb11u3	fixed
	bullseye (security)	4.13-10+deb11u5	fixed
	bookworm, bookworm (security)	5.7-2+deb12u3	fixed
	trixie	6.13-2	fixed
	forky, sid	7.2-2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
squid	source	(unstable)	4.4-1	low		912294
squid3	source	jessie	3.4.8-6+deb8u6		DLA-1596-1
squid3	source	stretch	3.5.23-5+deb9u2		DLA-2278-1
squid3	source	(unstable)	(unfixed)	low

Notes

http://www.squid-cache.org/Advisories/SQUID-2018_5.txt
3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-bc9786119f058a76ddf0625424bc33d36460b9a2.patch
4.x: http://www.squid-cache.org/Versions/v4/changesets/squid-4-983c5c36e5f109512ed1af38a329d0b5d0967498.patch