Squid Out-of-bounds Write Vulnerability - CVE-2019-12519
An issue was discovered in Squid through 4.7. When ESI is enabled and Squid handles the esi:when tag, it calls ESIExpression::Evaluate. This function uses a fixed stack buffer to hold the expression while it's being evaluated. While processing the expression, it can either evaluate the top of the stack or add a new member to the stack. When adding a new member, there is no check to ensure that the stack won't overflow.
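The following is an added illustration of the bug class and its fix, not Squid's code: a small evaluator that keeps its working stack in a fixed buffer and checks capacity before every push. The toy grammar (0, 1, !, &, |), the names and STACK_DEPTH are assumptions made for the example.

```c
#include <stddef.h>
#define STACK_DEPTH 8   /* assumed capacity for this toy, not Squid's value */

typedef enum { LIT, NOT, AND, OR } kind_t;
typedef struct { kind_t kind; int value; } item_t;
typedef struct { item_t items[STACK_DEPTH]; size_t depth; } eval_stack_t;

/* Add a new member, refusing when the fixed buffer is full. */
static int push(eval_stack_t *s, kind_t kind, int value) {
    if (s->depth >= STACK_DEPTH)
        return -1;      /* the kind of check the advisory says was missing */
    s->items[s->depth++] = (item_t){ kind, value };
    return 0;
}

/* Evaluate the top of the stack: fold "! lit" and "lit op lit" while possible. */
static void reduce(eval_stack_t *s) {
    for (;;) {
        item_t *t = s->items + s->depth;   /* one past the top element */
        if (s->depth >= 2 && t[-1].kind == LIT && t[-2].kind == NOT) {
            t[-2].kind = LIT; t[-2].value = !t[-1].value; s->depth -= 1;
        } else if (s->depth >= 3 && t[-1].kind == LIT && t[-3].kind == LIT &&
                   (t[-2].kind == AND || t[-2].kind == OR)) {
            t[-3].value = (t[-2].kind == AND) ? (t[-3].value && t[-1].value)
                                              : (t[-3].value || t[-1].value);
            s->depth -= 2;
        } else return;
    }
}

/* Returns 0 or 1 for a valid expression, -1 if malformed or too deep. */
int evaluate(const char *expr) {
    eval_stack_t s = { .depth = 0 };
    for (const char *p = expr; *p; p++) {
        int rc;
        switch (*p) {
        case '0': case '1': rc = push(&s, LIT, *p - '0'); break;
        case '!': rc = push(&s, NOT, 0); break;
        case '&': rc = push(&s, AND, 0); break;
        case '|': rc = push(&s, OR, 0); break;
        case ' ': continue;
        default:  return -1;
        }
        if (rc != 0) return -1;  /* fail closed instead of writing out of bounds */
        reduce(&s);
    }
    return (s.depth == 1 && s.items[0].kind == LIT) ? s.items[0].value : -1;
}
```

Without the capacity test in push, an expression that defers reduction longer than the buffer is deep would write past items[STACK_DEPTH - 1]; with it, evaluation stops and reports an error.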