1. Home
  2. Vulnerabilities
  3. CVE-2019-18679

CVE-2019-18679

CVSS v3.1 7.5 (High)
75% Progress
CVSS v2.0 5 (Medium)
50% Progress
EPSS 17.34 % (96th)
17.34% Progress
Affected Products 4
Advisories 17
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.

Weaknesses
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2019-11-26 17:15:13
(4 years ago)
Updated Date
2023-11-07 03:06:53
(10 months ago)

Affected Products

Canonical

Debian

Fedoraproject

Squid-cache

Configuration #1

    CPE23 From Up To
  Squid-cache Squid from 2.0 version and 2.7 and prior versions cpe:2.3:a:squid-cache:squid >= 2.0 <= 2.7
  Squid-cache Squid from 3.0 version and 3.5.28 and prior versions cpe:2.3:a:squid-cache:squid >= 3.0 <= 3.5.28
  Squid-cache Squid from 4.0 version and 4.8 and prior versions cpe:2.3:a:squid-cache:squid >= 4.0 <= 4.8
  Squid-cache Squid 2.7 Stable2 cpe:2.3:a:squid-cache:squid:2.7:stable2
  Squid-cache Squid 2.7 Stable3 cpe:2.3:a:squid-cache:squid:2.7:stable3
  Squid-cache Squid 2.7 Stable4 cpe:2.3:a:squid-cache:squid:2.7:stable4
  Squid-cache Squid 2.7 Stable5 cpe:2.3:a:squid-cache:squid:2.7:stable5
  Squid-cache Squid 2.7 Stable6 cpe:2.3:a:squid-cache:squid:2.7:stable6
  Squid-cache Squid 2.7 Stable7 cpe:2.3:a:squid-cache:squid:2.7:stable7
  Squid-cache Squid 2.7 Stable8 cpe:2.3:a:squid-cache:squid:2.7:stable8
  Squid-cache Squid 2.7 Stable9 cpe:2.3:a:squid-cache:squid:2.7:stable9

Configuration #2

    CPE23 From Up To
  Canonical Ubuntu Linux 16.04 cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts
  Canonical Ubuntu Linux 18.04 cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts
  Canonical Ubuntu Linux 19.04 cpe:2.3:o:canonical:ubuntu_linux:19.04
  Canonical Ubuntu Linux 19.10 cpe:2.3:o:canonical:ubuntu_linux:19.10

Configuration #3

    CPE23 From Up To
  Debian Linux 8.0 cpe:2.3:o:debian:debian_linux:8.0
  Fedoraproject Fedora 30 cpe:2.3:o:fedoraproject:fedora:30
  Fedoraproject Fedora 31 cpe:2.3:o:fedoraproject:fedora:31