1. Home
  2. Vulnerabilities
  3. CVE-2020-11945

CVE-2020-11945

CVSS v3.1 9.8 (Critical)
98% Progress
CVSS v2.0 7.5 (High)
75% Progress
EPSS 13.80 % (96th)
13.80% Progress
Affected Products 5
Advisories 20
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter (a short integer). Remote code execution may occur if the pooled token credentials are freed (instead of replayed as valid credentials).

Weaknesses
CWE-190
Integer Overflow or Wraparound
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2020-04-23 15:15:14
(4 years ago)
Updated Date
2023-11-07 03:15:15
(10 months ago)

Affected Products

Canonical

Debian

Fedoraproject

Opensuse

Squid-cache

Configuration #1

    CPE23 From Up To
  Squid-cache Squid from 3.0 version and 3.5.28 and prior versions cpe:2.3:a:squid-cache:squid >= 3.0 <= 3.5.28
  Squid-cache Squid from 4.0 version and prior 4.11 version cpe:2.3:a:squid-cache:squid >= 4.0 < 4.11
  Squid-cache Squid from 5.0 version and prior 5.0.2 version cpe:2.3:a:squid-cache:squid >= 5.0 < 5.0.2

Configuration #2

    CPE23 From Up To
  Debian Linux 9.0 cpe:2.3:o:debian:debian_linux:9.0
  Debian Linux 10.0 cpe:2.3:o:debian:debian_linux:10.0

Configuration #3

    CPE23 From Up To
  Opensuse Leap 15.1 cpe:2.3:o:opensuse:leap:15.1

Configuration #4

    CPE23 From Up To
  Fedoraproject Fedora 30 cpe:2.3:o:fedoraproject:fedora:30
  Fedoraproject Fedora 31 cpe:2.3:o:fedoraproject:fedora:31
  Fedoraproject Fedora 32 cpe:2.3:o:fedoraproject:fedora:32

Configuration #5

    CPE23 From Up To
  Canonical Ubuntu Linux 16.04 cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts
  Canonical Ubuntu Linux 18.04 cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts
  Canonical Ubuntu Linux 19.10 cpe:2.3:o:canonical:ubuntu_linux:19.10
  Canonical Ubuntu Linux 20.04 cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts