logo
DATABASE RESOURCES PRICING ABOUT US

Information Disclosure

Description

squid3 is vulnerable to information disclosure. The vulnerability exists due to incorrect data management when processing HTTP Digest Authentication where nonce tokens that contain the raw byte value of a pointer that sits within heap memory allocation, reducing ASLR protections.


Affected Software


CPE Name Name Version
squid3:xenial 3.5.12-1ubuntu7
squid3:bionic 3.5.27-1ubuntu1
squid:eoan 4.8-1ubuntu2
squid3:stretch 3.5.23-5+deb9u1
squid3:xenial 3.5.12-1ubuntu7
squid3:bionic 3.5.27-1ubuntu1
squid:eoan 4.8-1ubuntu2
squid3:stretch 3.5.23-5+deb9u1

Related