CVE-2019-18679
squid: Information Disclosure issue in HTTP Digest Authentication
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks.
Se descubrió un problema en Squid versiones 2.x, 3.x y versiones 4.x hasta 4.8. Debido a una gestión de datos incorrecta, es vulnerable a una divulgación de información cuando se procesa HTTP Digest Authentication. Los tokens Nonce contienen el valor de byte sin procesar de un puntero que se encuentra dentro de la asignación de memoria heap. Esta información reduce las protecciones de ASLR y puede ayudar a atacantes a aislar áreas de memoria para apuntar ataques de ejecución de código remota.
Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks and access restricted servers. This issue was only addressed in Ubuntu 19.04 and Ubuntu 19.10. Jeriko One discovered that Squid incorrectly handed URN responses. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-11-04 CVE Reserved
- 2019-11-26 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (13)
| URL | Tag | Source |
|---|---|---|
| http://www.squid-cache.org/Advisories/SQUID-2019_11.txt | Third Party Advisory | |
| http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch | Release Notes | |
| https://bugzilla.suse.com/show_bug.cgi?id=1156324 | Issue Tracking | |
| https://lists.debian.org/debian-lts-announce/2019/12/msg00011.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2020/07/msg00009.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/squid-cache/squid/pull/491 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | >= 2.0 <= 2.7 Search vendor "Squid-cache" for product "Squid" and version " >= 2.0 <= 2.7" | - |
Affected
| ||||||
| Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | >= 3.0 <= 3.5.28 Search vendor "Squid-cache" for product "Squid" and version " >= 3.0 <= 3.5.28" | - |
Affected
| ||||||
| Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | >= 4.0 <= 4.8 Search vendor "Squid-cache" for product "Squid" and version " >= 4.0 <= 4.8" | - |
Affected
| ||||||
| Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.7 Search vendor "Squid-cache" for product "Squid" and version "2.7" | stable2 |
Affected
| ||||||
| Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.7 Search vendor "Squid-cache" for product "Squid" and version "2.7" | stable3 |
Affected
| ||||||
| Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.7 Search vendor "Squid-cache" for product "Squid" and version "2.7" | stable4 |
Affected
| ||||||
| Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.7 Search vendor "Squid-cache" for product "Squid" and version "2.7" | stable5 |
Affected
| ||||||
| Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.7 Search vendor "Squid-cache" for product "Squid" and version "2.7" | stable6 |
Affected
| ||||||
| Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.7 Search vendor "Squid-cache" for product "Squid" and version "2.7" | stable7 |
Affected
| ||||||
| Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.7 Search vendor "Squid-cache" for product "Squid" and version "2.7" | stable8 |
Affected
| ||||||
| Squid-cache Search vendor "Squid-cache" | Squid Search vendor "Squid-cache" for product "Squid" | 2.7 Search vendor "Squid-cache" for product "Squid" and version "2.7" | stable9 |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.10" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 30 Search vendor "Fedoraproject" for product "Fedora" and version "30" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 31 Search vendor "Fedoraproject" for product "Fedora" and version "31" | - |
Affected
| ||||||