logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2019-18679

Description

An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.


Affected Software


CPE Name Name Version
squid-cache:squid squid-cache squid 2.7
squid-cache:squid squid-cache squid 2.7
squid-cache:squid squid-cache squid 2.7
squid-cache:squid squid-cache squid 2.7
squid-cache:squid squid-cache squid 2.7
squid-cache:squid squid-cache squid 2.7
squid-cache:squid squid-cache squid 2.7
squid-cache:squid squid-cache squid 2.7
squid-cache:squid squid-cache squid 2.7
squid-cache:squid squid-cache squid 3.5.28
squid-cache:squid squid-cache squid 4.8
canonical:ubuntu_linux canonical ubuntu linux 16.04
canonical:ubuntu_linux canonical ubuntu linux 18.04
canonical:ubuntu_linux canonical ubuntu linux 19.04
canonical:ubuntu_linux canonical ubuntu linux 19.10
debian:debian_linux debian debian linux 8.0
fedoraproject:fedora fedoraproject fedora 30
fedoraproject:fedora fedoraproject fedora 31

Related