logo
DATABASE RESOURCES PRICING ABOUT US

FreeBSD : squid -- Vulnerable to HTTP Digest Authentication (620685d6-0aa3-11ea-9673-4c72b94353b5)

Description

Squid Team reports : Problem Description: Due to incorrect data management Squid is vulnerable to a information disclosure when processing HTTP Digest Authentication. Severity: Nonce tokens contain the raw byte value of a pointer which sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.


Related